Xsolis Data Breach Triggers Class Action Investigation
Xsolis, Inc., a US healthcare-IT vendor serving over 600 hospitals and insurers, disclosed a targeted phishing attack on 20 January 2026 (detected 22 January 2026) that exposed personal and medical data of approximately 1.4 million individuals, including names, addresses, dates of birth, health insurance details, Social Security numbers, and medical treatment information. Plaintiff firm Edelson Lechtzin LLP has opened a consumer class action investigation, but no regulatory filing, carrier disclosure, or loss estimate is yet available.
AI-generated from linked source reports. See our correction policy.
Impact verdict
Low impact. The event sits at the developing lifecycle stage on the basis of a corroborating trade-media report (BleepingComputer) that confirms the attack vector (phishing), the breach timeline (attack 20 Jan, detected 22 Jan 2026), and a more credible affected count (~1.4M) than the earlier unverified GKG extraction (~4M). Inclusion of SSN plus health insurance and medical treatment data elevates HIPAA-adjacent notification exposure and consumer class action potential, with downstream hospital and insurer client aggregation risk. No loss estimate, regulatory notification, or carrier disclosure is yet in evidence, keeping insured severity at low.
View assessment methodologyPremium discovery tier
Unlock analyst briefs, intelligence depth, and the revision timeline
Public pages show event facts and a short lead-in. Premium accounts unlock analyst briefs, deeper intelligence, loss context, and the full revision history for this event.
Start two-week trialGeographic Zone Matches
3 active matches
- TRIA Certified AreasRule-basedConfidence 100%
- Pacific Ring of FireRule-basedConfidence 100%
- Caribbean Hurricane ZoneRule-basedConfidence 100%
Geographic zone matches are RiskEvents spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.
Affected countries
Lloyd's classifications
Tracking this kind of risk? Get an email when Cyber events escalate.
Get alerts