1.4 Million Patient Records Exposed in Xsolis Healthcare Breach

What Happened

Xsolis, a company that provides artificial intelligence services to hospitals and healthcare providers, confirmed that 1.4 million patient records were accessed by unauthorized individuals. The breach occurred through a third-party vendor in Xsolis's supply chain. This means your medical information may have been exposed even if you've never heard of Xsolis before.

The Details

Xsolis doesn't treat patients directly. Instead, hospitals and clinics share patient data with the company so their AI systems can help with billing, insurance claims, and patient care decisions. When a third-party vendor that works with Xsolis was compromised, attackers gained access to protected health information that Xsolis had received from their healthcare clients.

This type of breach is called a supply chain attack. It's particularly concerning because patients have no direct relationship with Xsolis. You may have received care at a hospital that uses their services without ever knowing it. The exposed information typically includes names, dates of birth, medical record numbers, diagnosis codes, treatment information, and insurance details.

Supply chain breaches have become increasingly common in healthcare. Companies that handle patient data on behalf of hospitals are attractive targets because they often store information from multiple healthcare facilities in one place. When attackers breach one vendor, they can access data from dozens of hospitals at once.

Who Is Affected

If you or your family members received care at a hospital or clinic that uses Xsolis services, your information may be included in this breach. Xsolis works primarily with hospitals across the United States. The company has stated it is notifying affected individuals directly, but these notifications can take weeks to arrive.

Children's information may also be included if they received hospital care. Medical identity theft can affect people of all ages, and children's records are sometimes targeted because fraud can go undetected for years.

What You Should Do Right Now

1. Watch for notification letters in your mail over the next 30-60 days. Xsolis and affected hospitals should send detailed information about what data was exposed and what protections they're offering.

The Bigger Picture

Healthcare data breaches have exposed over 100 million patient records in recent years. Third-party vendors now represent one of the biggest vulnerabilities in the healthcare system. As hospitals increasingly rely on outside companies for AI, billing, and data analysis, patients' information passes through more hands and faces more risk.

Staying informed about breaches is no longer optional. Your medical information is valuable to criminals and can be used for insurance fraud, prescription drug schemes, and identity theft for years after a breach occurs.

How GetCyberRight Can Help

Our Breach Monitor tool tracks data breaches and alerts you if your email address or personal information appears in exposed databases like the Xsolis incident. Instead of waiting for official notification letters, you can find out quickly if your information has been compromised. Early awareness means you can take protective steps faster, reducing your risk of medical identity theft and fraud.