Esse Well being, a healthcare supplier based mostly in St. Louis, Missouri, is notifying over 263,000 sufferers that their private and well being data was stolen in an April cyberattack.
As the biggest unbiased physicians’ group within the Better St. Louis space, Esse Well being operates 50 areas and employs over 100 physicians.
The group was made conscious of a breach after the attackers took down some main patient-facing community programs and its cellphone programs on April 21.
Impacted programs had been introduced again on-line till June 2, when Esse Well being up to date a notification on its web site to tell sufferers they may once more attain out through all common channels, together with textual content messages, cellphone calls, and the affected person portal.
“Based mostly on the investigation, a cybercriminal gained entry to our community on April 21, 2025. Whereas in our community, the cybercriminal was capable of view and duplicate sure information,” Esse Well being privateness officer Jaime L. Bremerkamp says in breach notification letters despatched to 263,601 affected people.
“As a part of our investigation, we carried out a time-intensive evaluation of the information concerned to find out the kinds of information current and to whom it associated. This evaluation recognized that data associated to you could have been contained in these information.”
In accordance with a submitting with Maine’s Legal professional Basic on Monday, the attackers stole a variety of delicate information for every impacted affected person, together with private data (e.g., title, deal with, date of beginning), medical insurance data, medical file quantity, affected person account quantity, and a few well being data.
Esse Well being additionally said that it discovered no proof of stolen social safety numbers and confirmed that its NextGen digital medical file system was not breached.
These affected are suggested to evaluation their account statements and monitor their credit score studies for suspicious exercise that could be linked to identification theft and fraud makes an attempt. Esse Well being additionally supplies them with free identification safety companies by information breach and restoration companies supplier IDX in the event that they enroll by September 25, 2025.
Whereas Esse Well being has but to disclose the character of the assault, restoration efforts spanning a number of months recommend a ransomware assault, the place a few of its programs had been encrypted after the menace actors stole paperwork containing sufferers’ information. Nevertheless, no ransomware operation has claimed duty for the breach since April.
An Esse Well being spokesperson was not instantly accessible for remark when BleepingComputer reached out for extra particulars earlier at the moment.
Whereas cloud assaults could also be rising extra subtle, attackers nonetheless succeed with surprisingly easy methods.
Drawing from Wiz’s detections throughout 1000’s of organizations, this report reveals 8 key methods utilized by cloud-fluent menace actors.
