Cyberattack Paralyzes Esse Health Services Across St. Louis Area

In April 2025, Esse Health, one of the largest independent physician groups in the St. Louis, Missouri metropolitan area, suffered a cyberattack that severely disrupted operations across its 45 clinic locations. The incident, which remains unresolved as of May 7, locked access to key network systems, forcing staff to revert to paper-based workflows. Patients have reported widespread issues including canceled appointments, inaccessible medical records, and difficulty reaching providers by phone. Esse Health confirmed the cyberattack in a public statement and said it is working with third-party cybersecurity specialists to investigate and restore functionality. The company has not yet determined whether patient data was compromised.

While Esse Health maintains that offices remain open, communication has been limited to texting and use of the patient portal, as phone systems remain partially disabled. Online sources and social media users expressed growing frustration, with several patients citing delays in receiving test results and prescriptions. Posts on Reddit allege a culture of weak data practices at the organization, including prior HIPAA violations and improper handling of sensitive information. One commenter described how a receptionist once lost a physical notebook containing personal data, while others pointed to recurring technical failures even before the current incident.

As the cyberattack stretches into its third week, the disruption raises serious concerns about data privacy and operational resilience in regional healthcare. Patients have voiced fears of identity theft and long-term delays in care. Esse Health has pledged to notify any individuals affected by data breaches and continues to post updates through its website. However, as of the latest statement dated May 6, key systems remain offline, and no projected timeline for full restoration has been provided.