Mayo Clinic Vendor Announces Patient Data Breach That Stemmed from Phishing Attack

Franklin, TN (KROC-AM News)- A vendor that provides case and utilization services management for Mayo Clinic and other healthcare providers is reporting a breach of patient data. 

See Also: Motorcyclist Dies in Collision With Pickup Truck Near Rochester Lowe's Store

Franklin, TN based Xsolis, Inc. sent letters to patients from Mayo Clinic and other healthcare entities informing them of the data breach. 

A notice of the incident published on Xsolis’s website said they became aware of the breach on January 22 of this year. 

Third-Party Vendor Announced Breach of Data Belonging to Patients from Mayo Clinic and Other Healthcare Providers

Xsolis says the “unauthorized activity impacting a limited portion of the Xsolis environment” was the result of a phishing attack launched on January 20. 

Get our free mobile app

An investigation that involved cyber security experts determined “an unauthorized actor acquired certain files containing information that, depending on the individual, may include names, addresses, date of birth, health insurance information, Social Security numbers, and medical treatment information,” according to the notice. 

Xsolis says they’re not aware of actual or attempted misuse of the information stemming from the incident. 

The letter sent to patients potentially impacted by the breach includes information on accessing free credit reports and identity theft protection. 

The company has also set up a toll-free phone line for letter recipients to call to get access to free credit reports and identity protection services. It’s available weekdays from 8 a.m. until 5:30 p.m. Central Time at (844) 403-4585. 

Mayo Clinic Statement

In a statement issued to KROC News, Mayo Clinic says it learned of the incident in late April. The full statement is available below. 

Mayo shared information from Xsolis in the statement and did not say how many of its patients were potentially impacted by the data breach.