Infirmary Health Notifies Patients of Third-Party Vendor Data Security Incident

MOBILE, AL – [June 17, 2026] – Infirmary Health announced today that it is notifying certain patients regarding a data security incident involving one of its vendors, Xsolis, Inc. The incident may have exposed certain protected health information (PHI) and personal data.

Xsolis provides case and utilization management services to Infirmary Health. The vendor recently informed Infirmary Health of unauthorized activity impacting approximately 89,770 Infirmary Health patients. This activity resulted from a phishing attack targeting Xsolis on January 22, 2026 and may include some of the following: names, addresses, date of birth, health insurance information, Social Security numbers, and medical treatment information.

Upon discovering the incident, Xsolis immediately interrupted and contained the issue, terminating the unauthorized access. Xsolis engaged external cybersecurity experts and notified law enforcement to launch a comprehensive investigation. There has been no evidence of unauthorized activity within the vendor's environment since January 22, 2026, and there is no evidence of any misuse of the impacted data.

Xsolis worked diligently with its consultants to assess the data and identify affected protected health information. The information potentially accessed varies by individual and may include specific clinical and personal data elements.

"We take our responsibility to protect patient information very seriously," says Mark Nix, President and CEO of Infirmary Health. "While there is no evidence that this information has been improperly used, we want to ensure our patients are informed and supported. We are working closely with our vendor to ensure all safety measures are reinforced."

Xsolis is offering the services of Kroll to provide identity monitoring at no cost. Kroll is a global leader in risk mitigation and response, and their team has extensive experience helping people who have sustained an unintentional exposure of confidential data. These services include Credit Monitoring, Fraud Consultation, and Identity Theft Restoration. Individual notification letters are being mailed to affected patients with specific instructions on how to enroll in these free services. If you have questions, please call (844) 403-4585.

Infirmary Health recommends that patients remain vigilant against fraud and identity theft by reviewing their account statements and monitoring their credit reports.

Additional information can be found at this link:https://www.xsolisdataincident.com/