
Carle Health, a nonprofit health system headquartered in Urbana, Illinois, disclosed a data breach connected to its vendor XSolis Inc. that affected 1,444 individuals in the United States.
Carle Health's own medical records and electronic network were not compromised in this incident. The breach was limited to the systems of XSolis Inc., a third-party vendor Carle Health uses to provide case and utilization management services.
XSolis experienced unauthorized network activity on Jan. 22, 2026, as a result of a targeted phishing attack.
Over the following months, the company worked to determine which data may have been accessed and which individuals were affected. On April 23, 2026, approximately three months after the initial breach occurred, XSolis notified Carle Health about the incident and its findings.
The types of information that may have been accessed included patient names, dates of birth, doctor names, health insurance information, diagnoses, medical record numbers, and dates and locations of treatment, and Social Security numbers.
The breach was reported to the U.S. Department of Health and Human Services on June 19, 2026. Carle Health posted a notice about the incident on its website.
XSolis sent individual notification letters to impacted Carle Health patients. Affected patients should watch closely for any signs of misuse.
Individuals with questions or concerns can contact the XSolis call center at 1-844-406-4585. The call center is available Monday through Friday from 8:00 a.m. to 5:00 p.m. Central Time, excluding major U.S. holidays. Additional information about the incident is available at xsolisdataincident.com.








.webp)
.webp)
.webp)

.webp)
.webp)
.webp)
.webp)