Cyber Incident Victim: Esse Health
Date:
May 2025
Location:
United States of America
Summary
Esse Health, an independent physician group operating 50 locations in the Greater St. Louis area, experienced a cyberattack that blocked access to its electronic medical record system. While its offices remain open and patients continue to be seen, some appointments have been cancelled and will be rescheduled once systems are restored. The phone system is functioning only in a limited capacity, prompting the organization to advise patients to use the patient portal or text their doctor’s office for communication. Third‑party specialists have been engaged to conduct a forensic investigation and support recovery efforts, and at this early stage it is not yet clear whether any patient data has been compromised; the organization has stated that affected individuals will be notified directly if exposure is confirmed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 4 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Esse Health, an independent physician group with 50 locations in the Greater St. Louis area of Missouri, experienced a cyberattack that prevented access to its electronic medical record system. The attack was reported in a news article published on May 1, 2025. Despite the disruption, Esse Health stated that its offices remained open and patients continued to be served. However, some appointments had to be cancelled and were to be rescheduled once systems were restored. The cyberattack also affected the organization's phone system, which operated in a limited capacity, causing patients to experience delays when connecting calls.
Patients were advised to use the patient portal to send messages or to text the main number for their doctor’s office while the phone system was being restored. Esse Health engaged third‑party specialists to assist with the forensic investigation and recovery efforts. Progress was being made in restoring the affected systems. At the early stage of the recovery process, it remained unclear to what extent, if any, patient data had been compromised. Esse Health indicated that if patient data were found to have been exposed or stolen, the affected individuals would be notified directly.