In April 2025, Esse Health, a Missouri-based healthcare provider, experienced a cyberattack that compromised the personal data of over 263,000 patients, including Social Security numbers and medical information.
Esse Health, which operates independently in the Greater St. Louis area, was formed in 1996 through the merger of two physician-led groups. It now includes more than 100 physicians across nearly 50 locations, providing both adult and pediatric primary care, along with specialty services such as allergy, radiology, urology, and gastroenterology.
The cyberattack, identified on April 21, disrupted electronic medical records and phone systems. In a public notice, Esse Health explained that it launched an investigation with the help of cybersecurity and forensic experts and immediately informed law enforcement.
The investigation revealed that a cybercriminal accessed the network on April 21 and was able to view and copy certain files. The company conducted a thorough review to determine which data was affected and who was impacted.
According to a breach notification sent to the Maine Attorney General’s Office, the incident affected 263,601 individuals. The stolen data includes names, Social Security numbers, health records, and insurance details. However, Esse Health clarified that its core electronic medical record system was not accessed or copied.
Following the breach, the organization began mailing notifications to affected individuals and reported the incident to appropriate authorities. The company has since strengthened its security infrastructure to guard against future incidents. Although no misuse of the stolen data has been detected, Esse Health is offering free identity protection services to those impacted.
The company advises individuals to remain alert by reviewing account statements and credit reports for signs of fraud. Under federal law, consumers are entitled to one free credit report per year from each of the three major credit bureaus, regardless of whether they suspect identity theft.
Esse Health has not disclosed technical details about the breach, but the widespread disruption suggests ransomware may have been involved.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
