The artificial intelligence company recently notified the public of a large data breach that took place earlier this year.

 

What happened

According to a website set up by Xsolis, Inc., the company recently notified the public of a data breach that impacted both personal and protected health information.

Xsolis, which uses AI to provide collaborative services to healthcare organizations, stated they first became aware of unauthorized activity on January 22nd, 2026. Soon after, they learned that the incident was the result of a targeted phishing attack on January 20th, 2026. Xsolis directly integrates with electronic health systems and works with over 600 hospitals and health insurers, meaning they have access to a vast amount of sensitive data. According to a report to the Department of Health and Human Services(HHS), 1,396,519, or approximately 1.4 million, individuals were impacted.

 

Going deeper

Xsolis shared that the phishing incident impacted only a limited portion of their network environment and was quickly contained. Through an investigation, Xsolis found that the accessed information includes names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment information.

In response to the incident, Xolis said that the company reset passwords for all users and key accounts, increased system monitoring, and rolled out updated security measures. To prevent future phishing incidents, Xsolis will increase security training programs and strengthen its current system for managing credentials.

 

In the know

Xsolis is currently going through a rebrand, with its largest change taking place to its core platform, which was previously known as CORTEX and will now be referred to as Dragonfly. The company boasts that the platform will be able to quickly analyze patient data using AI and machine learning, tools that are increasingly being integrated into healthcare. While AI has numerous benefits in healthcare, many previously outlined by Paubox, it can also present challenges. One study from IBM on reducing practitioners’ administrative workload found that “AI can automate the sending of formal communications, such as emails, memos, and announcements, ensuring they are delivered to the right people at the right time,” saving workers time and potentially preventing burnout from mundane tasks. The study shared how generative AI can also “help clinicians with note-taking and content summarization that can help keep medical records thorough and complete. AI might also help with accurate coding and sharing of information between departments and billing.”

Yet AI can also lead to a number of other issues, from within an organization and beyond. Using AI requires careful consideration of how the data will be processed, stored, and utilized. As AI allows a larger amount of data to be processed, it increases the amount of data that could be potentially stolen. Malicious organizations are using AI too, with attacks becoming more numerous and sophisticated.

 

The big picture

The targeted attack against Xsolis shows how one seemingly minor misstep can lead to a massive issue. Since this breach was linked to phishing, it’s very possible that one employee found themselves responding to an email or clicking on a link that looked innocuous. Even though Xsolis’ system is now secure, they will likely continue to recover from this event for a long time, and their efforts may include preparing for a class action suite, audits from the HHS, and more.

 

FAQs

What is the difference between a targeted attack versus an opportunity-based incident?

A targeted attack implies that Xsolis was specifically sought out by threat actors. In many cases, malicious groups attack organizations out of opportunity, meaning that they don’t particularly care what organization they attack and instead look for organizations that have more obvious vulnerabilities.

 

How could resetting passwords be beneficial?

Resetting the passwords of Xsolis users can be an effective tactic to prevent malicious actors from infiltrating additional accounts. By taking this step, Xsolis reveals that the incident likely led to passwords being compromised and accounts being accessed, or for the possibility of it. By mass-resetting passwords, Xsolis will likely prevent additional accounts from being accessed, but could cause operational delays for those who are unaware or confused by the situation.