Esse Health data breach impacted 263,000 individuals
Esse Health data breach impacted 263,000 individuals
A cyberattack on healthcare provider Esse Health in April 2025 exposed data of 263K+ patients, including SSNs and medical info.
In April 2025, Missouri-based healthcare provider Esse Health suffered a cyberattack that disrupted its systems and led to the theft of personal data from over hundreds of thousands individuals.
Esse Health is an independent physician group based in the Greater St. Louis area, Missouri. Founded in 1996 through the merger of two physician-led organizations, it has grown to include over 100 doctors operating across 45–50 locations. The group offers a wide range of services, including adult and pediatric primary care, as well as specialties such as allergy, gastroenterology, radiology, and urology.
The breach, discovered on April 21, affected electronic medical records and phone systems.
“On April 21, 2025, suspicious activity was identified within the Esse Health network. We initiated an investigation with the assistance of external cybersecurity and forensic specialists. We took steps to secure our systems and notified law enforcement. Based on the investigation, a cybercriminal gained access to our network on April 21, 2025.” reads the data breach notice published by the company. “While in our network, the cybercriminal was able to view and copy certain files. As part of our investigation, we conducted a time-intensive review of the files involved to determine the types of data present and to whom it related.”
The company confirmed that stolen data included names, Social Security numbers, medical and insurance info.
According to the data breach notification shared with the Maine Attorney General’s Office, the data breach impacters 263,601 people.
The company pointed out that electronic medical record system was not accessed or copied. The organization is now notifying affected individuals by mail, following an internal investigation. Esse Health has also notified authorities.
Esse Health announced it has enhanced security measures to prevent similar incidents in the future and, though no misuse of data has been found, is offering free identity protection to affected individuals as a precaution.
“As a precaution, it is always good practice to remain vigilant against incidents of identity theft and fraud by reviewing account statements and monitoring free credit reports for suspicious activity and to detect errors.” concludes the notice. “Under federal law, you also are entitled every 12 months to one free copy of your credit report from each of the three major credit reporting companies listed below, whether or not you suspect any authorized activity on your account.”
Esse Health hasn’t provided details about the attack, but the widespread system disruption suggests a possible ransomware incident.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, data breach)