Xsolis Data Breach Class Action Lawsuit Investigation

Abington Cole + Ellery is investigating potential legal claims related to the Xsolis data breach, which reportedly affected tens of thousands of individuals and may have exposed NAME / ADDRESS / SSN / DOB / INSURANCE DATA / MEDICAL DATA.

Published June 16, 2026 | Last updated June 16, 2026
Reviewed by Cornelius P. Dukelow | licensed lawyer and registered patent attorney.


JOIN THIS INVESTIGATION: If you are interested in potentially volunteering to serve as a class representative in a class action lawsuit against Xsolis, please submit your information to be considered:


You may also open the form here: Xsolis Data Breach Lawsuit Form. An attorney-client relationship is not formed by submitting information through this website.


Xsolis Data Breach: Key Facts

Company: Xsolis, Inc.
Incident Type: Phishing Attack
Number of People Affected: Tens of Thousands
Reported Data Involved: NAME / ADDRESS / SSN / DOB / INSURANCE DATA / MEDICAL DATA
Date Breach Began: January 20, 2026
Date Breach Ended: January 22, 2026
Date Breach Discovered: January 22, 2026
Notice Date: June 5, 2026
Credit Monitoring: YES
Status: Class Action Lawsuit Investigation


What happened in the Xsolis data breach?

Xsolis recently disclosed a data security incident involving personal and protected health information held in connection with its work as a case and utilization management vendor for healthcare organizations. According to Xsolis, the incident began with a targeted phishing attack on January 20, 2026, and the company became aware of unauthorized activity affecting a limited part of its technology environment on January 22, 2026. Xsolis says it contained the activity that same day, ended the unauthorized access, isolated affected systems and accounts, notified law enforcement, and began an investigation with outside cybersecurity experts. The investigation found that an unauthorized actor accessed portions of the Xsolis environment and acquired a limited number of files, which may have contained information such as names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment information, depending on the individual. Several healthcare organizations later posted patient-facing notices about the incident, including UW Medicine, Carle Health, Legacy Health, and VHC Health; UW Medicine reported that approximately 23,600 of its patients may have been affected, though a total number of affected individuals across all Xsolis clients has not been publicly confirmed. Xsolis publicly announced the incident on June 5, 2026, stated that it had found no evidence of unauthorized activity after January 22, 2026, and said it was offering eligible individuals complimentary identity monitoring services.


How did the Xsolis breach occur?

The Xsolis data breach was reportedly the result of a phishing attack.


When did the Xsolis breach occur?

The Xsolis data breach reportedly took place on or around between January 20, 2026, and January 22, 2026.


How many people were affected by the Xsolis breach?

An exact count has not yet been publicly released, but tens of thousands of individuals are confirmed to have been affected by the Xsolis data breach.


What information was exposed in the Xsolis breach?

  • Breached data reportedly may include, but is not necessarily limited to:
    • name
    • address
    • Social Security number
    • date of birth
    • health insurance information
    • medical treatment information

Has Xsolis offered free credit monitoring and/or identity theft protection services?

Yes. Xsolis is reportedly offering free credit monitoring and/or identity theft protection services to affected individuals as a result of the data breach.


Xsolis data breach timeline:

Date Event
January 20, 2026 Unauthorized activity began.
January 22, 2026 Xsolis discovered the incident.
January 22, 2026 Unauthorized activity ended.
UNCONFIRMED Data breach investigation concluded.
June 5, 2026 Xsolis began public notification.

Who is Xsolis?

Xsolis is a healthcare technology company based in Franklin, Tennessee, that develops AI-enabled tools for hospitals, health systems, and health plans. Founded in 2013, the company focuses on improving utilization management, medical necessity review, length-of-stay planning, revenue cycle processes, and collaboration between providers and payers. Its platform uses clinical and operational data to help healthcare organizations make more consistent care-level and administrative decisions while reducing the manual work often involved in review and authorization processes.


What should affected individuals do?

Start by reading the notice letter carefully and enrolling in the complimentary identity monitoring services if eligible. Xsolis says those services include credit monitoring, fraud consultation, and identity theft restoration, and that eligible people should follow the enrollment instructions in their letter. Xsolis also lists a dedicated assistance line at 844-403-4585, Monday through Friday, 8:00 a.m. to 5:30 p.m. Central Time.

Because the incident may have involved health insurance and medical treatment information, people should also watch for signs of medical identity theft. Review explanation-of-benefits statements, medical bills, insurance notices, patient portal activity, and appointment or prescription records for services, providers, diagnoses, prescriptions, or unrecognized claims. The FTC warns that medical identity theft can affect insurance benefits, credit, and even the accuracy of a person’s medical records.

If you see suspicious activity, act quickly: report identity theft through IdentityTheft.gov, contact your bank or credit card issuer if financial accounts are involved, notify your health insurer or medical provider if medical claims are involved, and keep copies of letters, bills, reports, and time spent responding. The IRS also maintains identity-theft resources for tax-related misuse, including steps for people whose information is used in tax fraud.

Finally, affected individuals should be alert for follow-up phishing attempts. Scammers may impersonate Xsolis, Kroll, a hospital, an insurer, or a government agency and ask for Social Security numbers, insurance IDs, payment information, or login credentials. A safer practice is to use the contact information in the official notice letter or on the provider’s official website, rather than relying on links or phone numbers in unexpected emails or texts.


Sources and additional information about the breach:


FAQ - Frequently Asked Questions

A class action lawsuit is a case brought on behalf of a group of people who were harmed in a similar way by the same company or organization.

A class representative, sometimes called a named plaintiff or lead plaintiff, is a person who volunteers to bring the lawsuit on behalf of the larger group. They help represent the interests of everyone in the class. There may be more than one class representative in a class action.

A person who was harmed may start a class action if many other people were harmed in a similar way.

Usually, no. In many class action cases, the lawyers are paid only if the case is successful.

Sometimes you do not need to do anything. Other times, you may need to submit a claim form by a deadline to receive money or benefits.

For more information about steps you can take to possibly reduce the chances harm arising from a data breach, please review the following article: What are some steps you can take if you've been the victim of a data breach?

This website is not associated with nor authorized by Xsolis or any affiliated companies. If you have received any other data breach notifications, you may to review Abington Cole + Ellery's current list of data breach investigations.