Humana tech provider breach exposes records of 1.4M patients
Xsolis, a healthcare AI and analytics provider for Humana, one of the nation's largest healthcare insurers, alongside hundreds of major hospitals, doctors’ offices, and healthcare organizations, has revealed its systems were breached, exposing the patient data of nearly 1.4 million individuals.
-
A healthcare technology provider used by Humana and hundreds of hospitals says hackers stole sensitive data belonging to nearly 1.4 million people.
-
The breach exposed information including Social Security numbers, insurance details, and medical treatment data.
-
Experts say the attack highlights how sophisticated phishing campaigns are becoming harder for employees and security teams to detect.
The Kentucky-based AI-driven healthcare technology company filed an initial breach notification with the California Attorney General’s office detailing the January breach and began sending notices to affected individuals earlier this month.
“On January 22, 2026, Xsolis became aware of unauthorized activity impacting a limited portion of the Xsolis environment, resulting from a targeted phishing attack on January 20, 2026,” the company wrote in a breach notice dated June 5th.
The unauthorized actor was said to have “acquired certain files” from Xsolis systems.
Xsolis is best known for its Dragonfly platform, an AI-powered utilization management system that helps health insurers and hospitals review medical necessity and patient care decisions.
Upon discovering the intrusion, Xsolis “immediately contained the activity and terminated the unauthorized access,” the company said in the letter to compromised victims.
Announced Tuesday, Xsolis is now facing a possible class action lawsuit on behalf of the 1,396,519 people affected, according to the nonprofit group ClassAction.org, which is handling the case.
What data was compromised?
According to Xsolis, which brought in outside cybersecurity experts to investigate and mitigate any damage, exposed sensitive data may include:
- Names
- Addresses
- Date of birth
- Health insurance information
- Social Security numbers
- Medical treatment information
Max Gannon, Cyber Intelligence Team Manager at Cofense, says the attack timeline suggests a sophisticated threat actor likely targeted Xsolis directly.
"The speed of this attack tells us everything we need to know. Threat actors moved from initial phishing compromise to active data exfiltration in just 48 hours; a timeline that strongly reinforces Xsolis's characterization of this as a targeted attack, not an opportunistic one, Gannon said.
Gannon says phishing attacks, which are increasingly powered by AI, pose a challenge for defenders.
“How do you defend against a phishing attack so precisely crafted that even a well-trained employee can't tell it's fake?” Gannon poses the question, adding that “in the age of AI-assisted attacks, context is the new last line of defense.”
It’s not just about finding out who in the company clicked a bad link, but how many other employees did and what the attacker learned before IT teams found out, he explains.
“Organizations that invest in behavioral context (mapping lateral exposure across teams when one credential is compromised) are far better positioned to detect these attacks before they escalate into the kind of breach Xsolis is now managing," Gannon says.
The Xsolis breach is also under investigation by the US Office for Civil Rights for potential HIPAA violations.
Unlock more exclusive Cybernews content on YouTube.
