Cybersecurity Girl Weekly Drop
Cyber news, tools & one smart career path.

Quick Reality Check
One phishing email led to the theft of Social Security numbers and medical records for 1.4 million hospital patients.
What happened:
Xsolis, a Tennessee-based healthcare technology company whose software is used by more than 600 hospitals and insurers nationwide, was hit by a phishing attack. On January 20, 2026, an attacker sent a phishing email to an employee who clicked it. That gave the attacker access to the network.
By the time Xsolis detected the intrusion two days later, the attacker had already walked out with files containing the names, home addresses, dates of birth, Social Security numbers, health insurance details, and medical treatment records of 1,396,519 people, a number officially confirmed by the U.S. Department of Health and Human Services.
Why it matters:
One phishing email gave attackers everything they needed. The scale is massive. 1.4 million patients across 600 hospitals means if you've had any healthcare interaction in the last few years, there's a real chance your name, address, date of birth, Social Security number, insurance info, and medical history are now in the hands of people who will sell it or use it to commit fraud against you.
Your data is the skeleton key. With a Social Security number plus your date of birth, address, and medical history, attackers don't need to guess anything. They can open credit accounts, file tax returns in your name, submit fraudulent insurance claims, or sell the bundle to other criminals. Medical data is especially valuable because it's tied to your identity and your money.
60-Second Protection Fix
Here is what you can do to protect yourself:
- Freeze your credit: Go to annualcreditreport.com on your phone or computer and click through to the three major bureaus (Equifax, Experian, and TransUnion). It is completely free by federal law and takes about 10 minutes total. A freeze blocks anyone from opening new credit cards or loans in your name, even if they have your Social Security number. Save the PINs they give you in case you need to lift the freeze later.
- Watch your physical mail: Xsolis is mailing notification letters to affected individuals (or to parents/guardians if the patient was a minor). When it arrives, do not ignore it. Open it and follow the instructions to enroll in the 12 months of free identity monitoring they are providing through Kroll.
- Audit your medical statements: Check your health insurance explanation-of-benefits statements for any unfamiliar medical claims. If you see treatment you never received, flag it immediately.
If you like MythBusters, you’ll love this new cyber docuseries.
Into the Breach is a new cybersecurity docuseries hosted by Kari Byron, the longest-running female host in MythBusters history, and produced by OPSWAT. It does for cybersecurity what MythBusters did for science: turning invisible, complex threats into something unforgettable.
The docuseries investigates breaches, bad actors, and the defenses protecting the systems modern life depends on: power grids, water systems, financial networks, and infrastructure built decades ago that is barely keeping up. Episode 1 premieres on YouTube on August 8, with a live event during Black Hat USA that same week. Watch the trailer and set your reminder now.
*Sponsored by OPSWAT
What You Missed This Week
Never post these photos of your kids online
And if you already have, here’s what you need to do right now. 🚨
Never plug your phone into a USB port in a car you don’t own.
Here is why you shouldn’t!
You are using copy and paste wrong!!
Here’s the way that you should be doing it.
Let’s keep building together!
Stay protected,
Cybersecurity Girl
Know someone who’d enjoy this? Pass it along and have them sign up here! And if you have thoughts or feedback, just hit reply. I’d love to hear from you.



