This week’s Big Data Breach affects 1.4 million patients at multiple healthcare organizations. The vector was a business associate, Xsolis, that is a vendor of utilization and case management software for providers and health plans. The phishing attack on an Xsolis employee took place on 20 January and by 22 January exfiltrated names, addresses, date of birth, health insurance information, Social Security numbers, and medical treatment information. They shortly thereafter notified client patients of the breach (Kroll Xsolis website notice) and offered data protection services to those affected. But only this month was the extent of the breach revealed: 1,396,519 records. Reports were submitted on 5 June to Health and Human Services’ (HHS) Office of Civil Rights (OCR). On 19 June, the California Attorney General’s Office posted a copy of the breach notification letter that Xsolis sent to its clients’ patients. To date, there have been no ransom or extortion demands nor dark web threats. Affected organizations have been reported as  Rochester Regional Health with 18,600 patients affected, Mayo Clinic and VHC. DataBreaches.net, Yahoo News–TechRadar

The multi-national data security alliance Five Eyes warns of AI supercharging hacking attacks. The three-page statement details how AI accelerates cybersec attacks and the need for ‘defence in depth’ with threats increasing in months, not years. It offers a five-point plan to reduce vulnerabilities and to use AI to defend against attackers. However, with most healthcare organizations overwhelmed with implementing AI tools, suppliers like Xsolis a vector for attack, and employees going outside for AI tools, the threat level has been amped 100x. The MIT Sloan article also warns that Anthropic’s Mythos, which is reportedly capable of autonomously finding and exploiting software vulnerabilities end-to-end with no human involvement, could be used for cyberattacks and chemical/biological attacks. Five Eyes is drawn from the US, UK, Canada, New Zealand, and Australia cybersecurity agencies. DataBreaches.net

In more cheerful news, Whoop announced that the FDA closed an investigation into their wearable’s Blood Pressure Insights feature. This started with a letter from FDA’s Center for Devices and Radiological Health (CDRH) in July 2025 challenging Whoop on the basis that the company did not have an approved application for premarket approval (PMA) or 510(k) approval of that feature.  Apparently, Whoop backed off of original claims that the BPI offered medical-grade health and performance insights and moved to general wellness claims ‘not intended for medical use’. It didn’t dissuade funders from a gigantic $575 million Series G in April. [TTA 9 Apr] MassDevice 

Centene, which in last week’s Chutes announced a voluntary separation plan (VSP) to most employees with 2 years or more in the company, added a board member. Lauren Tyler will be joining immediately to serve on Centene’s audit committee and compensation and talent committee. Ms. Tyler is a 20 year-plus JP Morgan veteran who was global head of human resources for asset and wealth management, global firmwide chief auditor, and global head of investor relations. That is an interesting skill set given what is happening at Centene and the need to compensate by downsizing for the crash in Medicaid and ACA members, as noted in the Release, Healthcare Dive

Raises have perked up again after a few weeks off.

Assort Health just raised a $120 million Series C. It was led by Menlo Ventures, with participants including Lightspeed Venture Partners, Felicis, First Round Capital, Chemistry, Joe Montana (!), Tau Ventures, and Quiet Capital. Assort provides an AI-assisted patient  voice agent along with an impressive AI model, Synapse, for specialty workflows that automate scheduling, intake forms, referrals, document processing, medication refills, real-time eligibility, lab requests, and payments. San Francisco-based Assort to date has raised $222 million and is now valued at $1.2 billion. Release

xCures scored a $46 million Series B. It was led by Innovius Capital, with participation from iGrow, GKCC, Spring Mountain Capital, and existing investors. Total funding is now over $76 million. xCures’ business model is focused on gathering scattered clinical patient data, assembling and structuring patient medical records into usable decision-ready data through its Clinical Clarity Engine. It is delivered to users via a web UI or a developer-friendly API. To date, they have 300 million medical records sourced from more than 550,000 healthcare locations nationwide. The new funds will be used for expansion of the Clinical Clarity Engine’s capabilities. Release, Mobihealthnews