Xsolis Data Breach Investigation
Xsolis, Inc. has reported a data security incident that may have involved personal and protected health information. According to the company’s public notice, the activity was tied to a targeted phishing attack in January 2026. If you received a notice letter or believe your information may have been involved, this page explains what was reported, what steps to consider next, and what legal rights may be available. You can also fill out the form on this page to ask Strauss Borrelli PLLC whether the reported incident may support a claim.
Xsolis, Inc. is a Tennessee-based healthcare technology company that provides case and utilization management services to healthcare organizations. According to its public notice, the company received personal and protected health information from client healthcare organizations in connection with those services.
Key Facts at a Glance
- Company: Xsolis, Inc.
- Industry: Healthcare technology.
- Incident timing reported: Xsolis says the unauthorized activity resulted from a targeted phishing attack on January 20, 2026.
- Discovery date reported: The company says it became aware of the activity on January 22, 2026.
- Public listing date: Available filing information indicates a state Attorney General listing on June 5, 2026.
- Information that may have been involved: Names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment information, depending on the individual.
- How many people were affected: The website notice reviewed does not state a total number.
- Services offered: Free credit monitoring and identity protection services for eligible potentially affected individuals.
- Company contact: Xsolis lists a toll-free call center at (844) 403-4585, Monday through Friday, 8:00 a.m. to 5:30 p.m. Central Time, excluding major U.S. holidays.
What Happened?
According to Xsolis’s website notice, the company became aware of unauthorized activity affecting a limited portion of its environment and says the activity was linked to a targeted phishing attack. The notice states that Xsolis contained the activity, launched an investigation with outside cybersecurity experts, and reported the matter to law enforcement.
Xsolis further states that its investigation found an unauthorized actor acquired certain files. The company says it is not aware of actual or attempted misuse of information because of the incident, but it also says notice letters will be mailed to potentially affected individuals for whom it has address information.
What Information Was Exposed?
Xsolis says the files involved may have contained both personal information and protected health information. According to the notice, the data may have included names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment information, depending on the individual.
When Social Security numbers and birth dates may be involved, people often worry about identity theft, tax fraud, or fraudulent account activity. When health insurance or medical information may be involved, there can also be concerns about medical privacy, insurance misuse, and suspicious explanation-of-benefits activity. That does not mean misuse has occurred, but it does mean affected individuals may want to monitor closely.
What Should You Do Next?
- Read any notice letter carefully. Keep the letter and note any deadlines for enrolling in free credit monitoring or identity protection services.
- Use the free protection services if offered to you. Xsolis says eligible potentially affected individuals will have access to credit monitoring and identity protection.
- Review your accounts and reports. Check bank and credit card statements, credit reports, and health insurance explanation-of-benefits forms for unfamiliar activity.
- Consider a fraud alert or credit freeze. If your Social Security number may have been involved, these tools can help reduce the risk of new-account fraud.
- Document anything unusual. Save screenshots, letters, bills, denial notices, and records of time spent dealing with suspicious activity.
- Contact the company and ask questions. The call center listed in the notice is (844) 403-4585.
- Ask about your legal options. If you want to know whether the reported incident may support a claim, fill out the form on this page to contact Strauss Borrelli PLLC.
Your Legal Rights
People affected by a reported data incident often ask whether they can bring a legal claim. The answer depends on the facts, the laws that apply, and whether the incident led to concrete harm such as out-of-pocket expenses, time spent resolving problems, denied medical services, or fraudulent activity.
In some situations, consumers investigate whether a company used reasonable safeguards for sensitive information and whether notice was provided in a legally sufficient way. Receiving a notice letter does not automatically mean you have a case, but if sensitive personal or medical information may have been involved, it can be reasonable to have the situation reviewed.
Why Hire Strauss Borrelli PLLC?
Strauss Borrelli PLLC represents consumers in data breach and privacy matters and has experience evaluating reported cyber incidents involving sensitive personal and health information. Our team can help you understand the notice, identify what records to preserve, and assess whether the reported Xsolis incident may support a claim.
We focus on clear communication and practical next steps for people dealing with uncertainty after a security incident. If you received a notice letter or have seen suspicious activity, you can contact Strauss Borrelli PLLC using the form provided on this page for a free, no-obligation review.
If you received a breach notification letter from Xsolis:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
