A cyberattack on Missouri-based Esse Health has compromised the personal and health information of hundreds of thousands of patients.
Esse Health, the largest independent physician group in the Greater St. Louis area, has disclosed a data breach impacting 263,601 patients. The organization first detected the breach on April 21, 2025, when attackers disrupted core systems, including phone lines and patient-facing networks. According to the company’s investigation, the attacker accessed the network, viewed, and copied files containing sensitive patient information.
In breach notification letters, Esse Health confirmed that the compromised data includes names, addresses, birth dates, medical record numbers, patient account numbers, health insurance information, and other health-related details. The organization stated that Social Security numbers were not involved and that its NextGen electronic medical records system was unaffected.
A full review of the affected files took several weeks, and communication systems were not fully restored until June 2. The delay in restoration and data review suggests the attack may have been ransomware-related, although no group has publicly claimed responsibility. Esse Health has not provided further technical details about the breach.
Patients have been offered free identity protection services through IDX if they enroll by September 25, 2025. Individuals are also advised to monitor financial accounts and credit reports for suspicious activity.
Privacy Officer Jaime L. Bremerkamp explained in letters to affected individuals that a "time-intensive review" was conducted to identify whose information was compromised. “The cybercriminal was able to view and copy certain files,” Bremerkamp wrote, confirming that patients' data may have been exposed during the breach.
An Esse Health spokesperson has not commented publicly beyond the official notices, and no external ransomware group has taken credit for the incident.
The breach is one of several recent incidents involving mid-sized healthcare providers. Compared to larger hospital systems, independent physician groups such as Esse Health may face resource limitations that affect their cybersecurity posture. The healthcare sector continues to be vulnerable due to the sensitivity of patient data and the operational disruption caused by service outages. Extended recovery timelines and delayed public updates can make incident response and trust restoration more difficult.
Healthcare systems store large volumes of sensitive personal and medical data, making them attractive to attackers seeking to steal, sell, or extort information.
NextGen is Esse Health’s electronic medical records platform. Since it was not affected, core clinical data likely remained secure, minimizing disruption to ongoing patient care.
Prolonged system outages, delays in restoration, and data exfiltration before service recovery are common characteristics of ransomware events.
Yes. Insurance information, account numbers, and medical history can be exploited for identity fraud, false claims, or phishing scams.
Patients should enroll in the offered identity protection, regularly check account activity, and report any suspicious transactions to their financial institutions and healthcare providers.