Esse Health, a prominent healthcare provider located in St. Louis, Missouri, has informed over 263,000 patients that their personal and health information was compromised in a cyberattack that occurred in April. As the largest independent physicians’ group in the Greater St. Louis area, Esse Health operates 50 locations and employs over 100 physicians, creating significant concern regarding the impact of this breach on the community.
The organization became aware of the data breach when attackers disabled some primary patient-facing network systems and phone systems on April 21, 2025. Although impacted systems were restored by June 2, Essa Health updated a notification on its website to inform patients that they could resume using regular communication channels, including text messages, phone calls, and the patient portal. More details regarding the situation were shared in a statement from Esse Health’s privacy officer Jaime L. Bremerkamp, who specified that the attackers accessed the network on the same day of the disruption.
In a filing with Maine’s Attorney General, Esse Health reported that a wide range of sensitive data was stolen, which included personal information such as patients’ names, addresses, dates of birth, health insurance data, medical record numbers, and patient account numbers. However, it was noted that there were no indications that social security numbers were compromised. The health provider reassured that its NextGen electronic medical record system remained secure and unaffected.
Patients affected by the breach are advised to review their account statements and monitor credit reports for any suspicious activity that could be linked to identity theft. In response to the breach, Esse Health has partnered with data breach recovery services provider IDX to provide free identity protection services for those who enroll by September 25, 2025. Although the exact nature of the attack remains undisclosed, the extent of the restoration efforts indicates a possible ransomware incident, with no ransomware group taking responsibility for the breach since April.