Xsolis, Inc. and Hendrick Health: Potts Law Firm Takes Legal Action Following Hendrick Health Data Breach and Delayed Patient Notification

Xsolis, Inc. and Hendrick Health: Potts Law Firm Takes Legal Action Following Hendrick Health Data Breach and Delayed Patient Notification

Hendrick Health Faces Class Action Lawsuit Over Delayed Data Breach Notification

On June 18, 2026, Potts Law Firm filed a class action lawsuit in Taylor County, Texas, against Hendrick Health and its healthcare technology vendor, Xsolis, Inc., on behalf of patient Ada Louise McHenry and others affected by a January 2026 data breach. The lawsuit alleges that a phishing attack on Xsolis a third-party case management provider for Hendrick Health exposed sensitive patient data, including Social Security numbers, medical records, treatment details, and financial information.

The breach, discovered on January 22, 2026, went unreported to affected patients until June 2026, exceeding the 60-day notification window required under federal health data protection laws. The lawsuit claims Hendrick Health and Xsolis failed to implement adequate cybersecurity measures and delayed notifying victims, increasing their risk of identity theft, fraud, and medical privacy violations.

Plaintiff McHenry, a longtime Hendrick Health patient, alleges her personal and medical data was compromised. The proposed class includes all individuals whose information was exposed in the breach. The lawsuit seeks damages and injunctive relief for alleged negligence in safeguarding patient data and failing to provide timely breach notifications.

The case, Ada Louise McHenry v. Hendrick Medical Center and Xsolis, Inc. (Cause No. 52545-A), is pending in Taylor County District Court.

Source: https://www.morningstar.com/news/pr-newswire/20260618da87472/potts-law-firm-takes-legal-action-following-hendrick-health-data-breach-and-delayed-patient-notification

Hendrick Health cybersecurity rating report: https://www.rankiteo.com/company/hendrick-health

Xsolis cybersecurity rating report: https://www.rankiteo.com/company/xsolis

"id": "HENXSO1781814405",
"linkid": "hendrick-health, xsolis",
"type": "Breach",
"date": "1/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'All individuals whose '
                                              'information was exposed in the '
                                              'breach',
                        'industry': 'Healthcare',
                        'location': 'Texas, USA',
                        'name': 'Hendrick Health',
                        'type': 'Healthcare Provider'},
                       {'industry': 'Healthcare IT',
                        'name': 'Xsolis, Inc.',
                        'type': 'Healthcare Technology Vendor'}],
 'attack_vector': 'Phishing',
 'customer_advisories': 'Delayed notification to affected patients',
 'data_breach': {'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Social Security numbers',
                                              'Medical records',
                                              'Treatment details',
                                              'Financial information']},
 'date_detected': '2026-01-22',
 'date_publicly_disclosed': '2026-06-18',
 'description': 'A class action lawsuit was filed against Hendrick Health and '
                'its vendor Xsolis, Inc. for a January 2026 data breach caused '
                'by a phishing attack. The breach exposed sensitive patient '
                'data, and notification was delayed until June 2026, violating '
                'federal health data protection laws.',
 'impact': {'brand_reputation_impact': 'Yes',
            'data_compromised': 'Social Security numbers, medical records, '
                                'treatment details, financial information',
            'identity_theft_risk': 'Yes',
            'legal_liabilities': 'Class action lawsuit filed',
            'payment_information_risk': 'Yes'},
 'investigation_status': 'Pending',
 'post_incident_analysis': {'root_causes': 'Phishing attack, inadequate '
                                           'cybersecurity measures'},
 'references': [{'source': 'Potts Law Firm'}],
 'regulatory_compliance': {'legal_actions': ['Class action lawsuit'],
                           'regulations_violated': ['Federal health data '
                                                    'protection laws (60-day '
                                                    'notification window)']},
 'response': {'communication_strategy': 'Delayed notification to affected '
                                        'patients'},
 'title': 'Hendrick Health Data Breach and Delayed Notification Lawsuit',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Inadequate cybersecurity measures'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.