Healthcare AI vendor Xsolis breach exposes data on 1.4 million people
Xsolis, a US healthcare technology company whose AI software is used by more than 600 hospitals and insurers for utilization management and reimbursement decisions, has disclosed a breach affecting 1,396,519 people. Attackers got in through a targeted phishing attack on an employee in January, accessing files containing patient data Xsolis handles for its clients. The exposed information includes names, dates of birth, addresses, Social Security numbers, health insurance details, and medical treatment information. Because Xsolis is a vendor, affected individuals may never have dealt with it directly; downstream health systems including Mayo Clinic are among those whose patients are impacted.
- Check: Healthcare organizations should check whether they share data with Xsolis and confirm their breach-notification obligations; affected individuals should watch for medical, insurance, and identity fraud and any Xsolis-related notice.
- Affected: Patients and health-plan members whose data Xsolis processed for hospitals and insurers (1,396,519 affected); exposed Social Security numbers and medical information carry lasting identity-theft and medical-fraud risk.
- Fix: Affected people should enroll in the offered monitoring, freeze credit, and watch insurance statements. Healthcare organizations should strengthen phishing-resistant MFA, map which vendors hold patient data, and tighten access to health-data repositories.