Vendor Serving Mayo Clinic & Other Hospitals Reports Patient Data Breach

TL;DR

A third-party vendor, Xsolis, disclosed a patient data breach affecting Mayo Clinic and other healthcare providers, resulting from a phishing attack. Mayo Clinic confirmed learning of the incident in late April, but the scope remains unclear.

A third-party vendor, Xsolis, has disclosed a data breach affecting patient information from Mayo Clinic and other healthcare providers, caused by a phishing attack launched on January 20. Mayo Clinic confirmed in late April that it learned of the incident, which may have involved sensitive personal and medical data. This development raises concerns about third-party cybersecurity risks in healthcare.

Xsolis, Inc., based in Franklin, Tennessee, sent letters to patients from Mayo Clinic and other healthcare entities informing them of the breach. According to a notice published on Xsolis’s website, the incident was identified on January 22, and involved unauthorized activity impacting a limited portion of its environment. An investigation by cybersecurity experts determined that an unknown actor accessed files containing personal information, including names, addresses, dates of birth, health insurance details, Social Security numbers, and medical treatment data.

Xsolis stated they are not aware of any actual or attempted misuse of the compromised information. Patients affected by the breach were advised to access free credit reports and identity theft protection services. The company established a toll-free helpline (844-403-4585), available weekdays from 8 a.m. to 5:30 p.m. Central Time, for affected individuals seeking assistance.

Mayo Clinic issued a statement to KROC News, confirming it learned of the incident in late April. The statement clarified that the breach was not specific to Mayo Clinic but involved information maintained by Xsolis for multiple clients. Mayo did not specify how many of its patients were potentially impacted. The clinic emphasized that Xsolis had directly notified affected patients.

Implications for Healthcare Data Security

This incident highlights ongoing vulnerabilities in third-party vendor cybersecurity within the healthcare sector. Despite no confirmed misuse of data, the breach underscores the importance of rigorous security measures and oversight of vendors handling sensitive patient information. Such breaches can erode patient trust and potentially lead to identity theft or fraud if malicious actors attempt to exploit the compromised data.

Nezyo 2 Pack Identity Protection Roller Stamp Identity Theft, Confidential, Privacy Roller Stamp Information Blocker and 4 Pack Refill Ink for ID Account Data Address Security(Yellow)

Nezyo 2 Pack Identity Protection Roller Stamp Identity Theft, Confidential, Privacy Roller Stamp Information Blocker and 4 Pack Refill Ink for ID Account Data Address Security(Yellow)

Protect Your Privacy Effectively: you can use this identity protection roller stamp to flip personal information in under…

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Recent Trends in Healthcare Data Breaches

Healthcare data breaches have been increasing over recent years, often involving third-party vendors. Phishing remains a common attack vector, targeting organizations to gain access to sensitive information. In this case, Xsolis, which provides case and utilization services management, was targeted on January 20, leading to the exposure of data for multiple healthcare clients, including Mayo Clinic. The incident adds to a broader pattern of cybersecurity challenges faced by healthcare providers and their vendors.

“This breach illustrates the persistent threat of phishing attacks targeting healthcare vendors, which can have wide-reaching impacts on patient privacy.”

— an anonymous cybersecurity expert

NSKIM M400 Credit Card Skimmer Detection Tool, Compatible with VeriFone M400 / M440 Credit Card Terminal

NSKIM M400 Credit Card Skimmer Detection Tool, Compatible with VeriFone M400 / M440 Credit Card Terminal

COMPATIBILITY: Works with multiple credit card terminal models including VeriFone M400 & M440 stationary terminals

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Extent of Patient Impact and Data Misuse Unclear

It is not yet clear how many patients from Mayo Clinic and other providers were affected or whether the compromised data has been misused. The total number of impacted individuals remains unspecified, and investigations are ongoing.

Cybersecurity Leadership: Powering the Modern Organization

Cybersecurity Leadership: Powering the Modern Organization

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Monitoring and Future Security Measures

Healthcare organizations and vendors are expected to review and strengthen their cybersecurity protocols. Further updates may reveal the scope of the breach and any subsequent actions taken to mitigate risks. Patients are advised to remain vigilant and utilize offered credit protection services.

McAfee Total Protection Unlimited-Devices | AntiVirus Software 2026 for Windows PC & Mac, AI Scam Detection, VPN, Password Manager, ID Monitoring | 1-Year Subscription with Auto-Renewal | Download

McAfee Total Protection Unlimited-Devices | AntiVirus Software 2026 for Windows PC & Mac, AI Scam Detection, VPN, Password Manager, ID Monitoring | 1-Year Subscription with Auto-Renewal | Download

DEVICE SECURITY – Award-winning McAfee antivirus, real-time threat protection, protects your data, phones, laptops, and tablets

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Key Questions

How many patients were affected by the breach?

The exact number of affected patients has not been disclosed. Xsolis indicated the incident involved a limited portion of its environment, but specific figures are not available.

What types of information were compromised?

The breach potentially exposed personal details such as names, addresses, dates of birth, health insurance information, Social Security numbers, and medical treatment data.

Has there been any evidence of data misuse?

Xsolis stated they are not aware of any actual or attempted misuse of the data, but investigations are ongoing.

What should affected patients do?

Patients are advised to access free credit reports and identity theft protection services, and can call the dedicated helpline at (844) 403-4585 for assistance.

Will there be further disclosures?

Further updates are likely as investigations continue and more details become available regarding the scope and impact of the breach.

Source: Google Trends


You May Also Like

That Shop App Receipt You Don’t Recognize Is a Scam

Scammers are inserting fake purchase receipts into Shop app histories to steal personal info. Learn how to identify and avoid these scams.

Apple’s ‘Hide My Email’ Reportedly Exposes Your Real Email Address

A security flaw in Apple’s ‘Hide My Email’ feature allows bad actors to uncover users’ real email addresses using public search sites, despite Apple’s claims of privacy.

Outcome-First Decisions: Keep, Change, or Kill

A new decision framework helps organizations evaluate ongoing initiatives based on current outcomes, promoting pruning and better resource allocation.

Risky Bulletin: EU official’s phone infected with Pegasus

A European Union official’s phone was confirmed infected with Pegasus spyware, raising concerns over surveillance and security vulnerabilities.