Healthcare technology company Xsolis, Inc. has disclosed a data breach affecting nearly 1.4 million individuals.
Tennessee-based Xsolis provides utilization management and revenue cycle solutions for hospitals, health systems, and payers.
The company published a data security notice in early June, revealing that unauthorized activity was detected on its systems on January 22. The intrusion resulted from a targeted phishing attack carried out two days earlier.
According to Xsolis, the hackers gained access to files storing personal and protected health information received by the company from its clients, including names, dates of birth, addresses, SSNs, health insurance information, and medical treatment information.
While the data breach was disclosed two weeks ago, the US Department of Health and Human Services (HHS) has now disclosed the number of affected individuals.
The Xsolis cybersecurity incident was added to the HHS data breach tracker on Monday, with the number of affected individuals listed as 1,396,519.
No known ransomware group appears to have taken credit for the attack on the healthcare tech company.
SecurityWeek has asked Xsolis whether it was targeted in an extortion attempt and, if so, whether a ransom has been paid. The company’s disclosure indicates that it’s “not aware of any actual or attempted misuse of information because of this incident”.
It’s not uncommon for healthcare-related data breaches to affect millions of people. One recent example is the incident involving the dental benefits administrator DentaQuest, in which hackers stole information from 2.6 million accounts.
Related: Millions Impacted Across Several US Healthcare Data Breaches
Related: 266,000 Affected by Data Breach at Radiology Associates of Richmond
Related: Oncology Institute Discloses Data Breach
