Esse Health Discloses Data Breach Impacting 45 Locations

In April 2025, Esse Health, an independent physician group in the St. Louis metropolitan area, experienced a significant cyberattack that disrupted portions of its computer network. The incident led to several of Esse Health’s systems going offline, temporarily impacting healthcare services for many patients across its 45 locations.

The organization detected unusual activity on select network systems and responded by taking affected systems offline to contain the incident. As of April 24, 2025, Esse Health continues to investigate the incident with the help of third-party cybersecurity specialists and is working to restore normal operations.

The method of the breach has been described as a cyberattack, but further technical details—such as whether ransomware was involved or if data was exfiltrated—have not been publicly confirmed. The attack was severe enough to require the use of backup processes for patient communications and scheduling, and it limited the capabilities of office phone systems.

The data breach affected 263,601 individuals and compromised personal information includes names, addresses, dates of birth, health insurance information, medical record numbers, patient account numbers and other health information. The cybersecurity incident was reported to the U.S. Department of Health and Human Services on June 20, 2025.

The data breach was disclosed to the Vermont, Maine and Massachusetts Attorney Generals' offices beginning on June 27, 2025.

Esse Health's response

In response to the cyberattack, Esse Health secured its network infrastructure and engaged external cybersecurity experts to investigate and mitigate the breach. The company has prioritized restoring systems and maintaining patient care, even as some digital services remain limited. Patients have been advised to contact their providers via text message to the main office number, the patient portal, or by calling their doctor’s office directly—though phone capabilities are currently restricted.

Esse Health has committed to directly notifying any individuals if the investigation determines that their confidential data was compromised. The organization is posting ongoing updates for patients on its network updates webpage. Patients are encouraged to monitor this page for the latest information and to reach out via the provided email address if they have additional questions.

Given the nature of the breach, patients should remain vigilant for signs of identity theft or fraud. It is advisable to monitor credit reports, review medical statements for unfamiliar activity, and be cautious of unsolicited communications that may reference personal or health information. If you are a patient of Esse Health and have concerns, you can find the official notice and updates on the Esse Health website.