Subscribe To Our Newsletter
Subscribe To Our Newsletter
A cyberattack on St. Louis-based Esse Health in late April 2025 exposed the sensitive medical and personal records of approximately 521,167 individuals.Esse Health has agreed to establish a $2,525,000 settlement fund to resolve allegations of inadequate cybersecurity. The company denies any wrongdoing.
Everyday people who trusted a major Missouri medical group with their private medical files may now be entitled to cash compensation. American Multispecialty Group Inc., which does business as Esse Health, has agreed to pay $2,525,000 to resolve a consolidated class action lawsuit. The legal dispute follows a severe cyberattack that exposed the confidential personal and protected health information of more than half a million individuals.
If you received a data breach notification from Esse Health indicating that your data was caught in the crosshairs of this April 2025 cyberattack, you are considered an eligible class member. Affected individuals can now submit a claim to receive an estimated $50 cash payout. Additionally, those impacted can enroll in two years of specialized medical identity monitoring, a service funded entirely outside of the main settlement pool.
The class action lawsuit stems from a late April 2025 security incident where Esse Health detected unusual activity on its information technology network. A subsequent investigation revealed that hackers had managed to gain unauthorized access to databases containing sensitive patient and employee records. The independent physician group operates 45 locations across the greater St. Louis metropolitan area, making the breach one of the more significant medical data exposures in the region.
The lawsuit, Clausner et al. v. American Multispecialty Group, Inc., was consolidated in the 22nd Judicial Circuit Court of St. Louis City after a wave of individual cases were filed. The plaintiffs alleged that the medical group failed to implement reasonable cybersecurity safeguards, leaving highly confidential files vulnerable to digital thieves. While Esse Health strongly denies any legal liability or wrongdoing, the company agreed to the multi-million dollar fund to wrap up the litigation and avoid the ongoing costs of a court battle.
When a medical network is breached, the data exposed goes far beyond simple contact information, making it incredibly valuable to identity thieves. In court documents, it was confirmed that the categories of compromised data varied by individual. However, the private information potentially accessed during the cyberattack included names, home addresses, dates of birth, and Social Security numbers.
Furthermore, the data included protected health information (PHI) such as patient identification numbers, medical record numbers, person IDs, specific health information, and health insurance details. This severe exposure creates a long-term risk of medical identity theft, where bad actors use stolen information to obtain fraudulent medical care, submit fake insurance claims, or tamper with electronic medical records.
The court has officially defined the settlement class to include all individuals whose private information was potentially impacted during the April 2025 data incident. This specifically covers the approximately 521,167 people who were sent a data breach notification letter directly from Esse Health informing them that their personal or health files may have been compromised.
If you are a current or former patient at one of Esse Health’s 45 St. Louis area offices and remember receiving a postcard or letter about an April 2025 cyberattack, you are likely part of this class. If you are unsure whether you qualify, you can verify your status with the settlement administrator by referencing the login credentials mailed to you or contacting them directly with your full name and address.
The legal arguments raised by the plaintiffs highlight important standards under consumer protection and medical privacy frameworks. In the United States, healthcare providers are bound by strict requirements, including federal guidelines like the Health Insurance Portability and Accountability Act (HIPAA) and state measures like the Missouri Merchandise Practices Act. These laws mandate that organizations handling protected health information must establish rigid administrative, physical, and technical safeguards.
The lawsuit asserted that Esse Health breached its implied contract and fiduciary duties to its patients by failing to properly monitor its network and train personnel against digital intrusions. When corporate entities fall short of these industry standards, class action lawsuits act as a primary tool for everyday people to seek accountability. This $2.5 million settlement serves as a direct reminder that healthcare networks have a legal obligation to protect the communities they serve.
The $2,525,000 gross settlement fund will be utilized to cover court-approved attorneys’ fees and costs, administrative expenses for managing the distribution, and service awards for the eight class representatives who led the litigation. The net remaining money will then be distributed equally among all class members who step forward to file a valid claim.
Legal representatives estimate that the pro rata cash distribution will result in an individual payment of approximately $50.00 per claimant. It is important to note that you do not need to provide receipts, explanations, or any proof of identity theft to qualify for this money. The final value of the check may increase or decrease slightly depending entirely on how many eligible people submit a claim before the deadline.
Recognizing that a cash payment alone cannot fully erase the anxiety of a data breach, the settlement includes an additional benefit. All class members are eligible to enroll in two years of “CyEx Medical Shield Complete” identity protection services. This specialized monitoring package includes a $1 million medical identity theft insurance policy and provides access to fraud resolution agents if any suspicious activity occurs on your accounts.
Crucially, the costs associated with this credit and medical monitoring will be paid separately by Esse Health, meaning the expense will not shrink the $2.5 million cash fund. Class members should have received an enrollment code directly on their printed settlement notice. This code can be entered on the administrator’s portal to activate the protection plan, which will go live as soon as the court grants final approval.
To receive your cash payment from the settlement fund, you must take action. Unlike some settlements where payouts are automatic, Esse Health class members must submit a timely and valid claim form. The most efficient way to complete this process is by visiting the official, court-approved website at EsseHealthSettlement.com and logging in with the unique ID and PIN found on your mailed notice.
If you misplace your login credentials, you can contact the settlement administrator via email to request them by providing your full name and current mailing address. Alternatively, you can download, print, and fill out a physical PDF claim form to return by mail. All electronic submissions must be completed, and all paper claim forms must be postmarked, no later than August 4, 2026.
While the final day to secure your benefits is in August, there are earlier dates you must keep in mind if you wish to pursue a different legal path. If you do not want to be bound by the terms of this agreement—perhaps because you wish to retain your right to file an individual lawsuit against Esse Health regarding this breach—you must formally request to opt out.
The strict deadline to exclude yourself from the class or to submit a formal, written objection detailing why you disagree with the settlement terms is July 5, 2026. If you choose to do nothing, you will automatically remain in the settlement class, meaning you will give up your right to sue the defendant in the future, but you will miss out on the cash payment since you didn’t file a claim.
Before any checks can be cut or identity theft protection subscriptions can be activated, the settlement must receive final blessing from the legal system. The 22nd Judicial Circuit Court of St. Louis City has scheduled the final fairness hearing for August 3, 2026. During this hearing, the presiding judge will evaluate whether the agreement is fair, reasonable, and adequate for the half-million affected people.
If the court grants final approval and no subsequent legal appeals are lodged by outside parties, the administration process will move forward. Cash payments will be distributed via check or electronic methods, and the CyEx identity monitoring services will officially commence. Because appeals can occasionally delay class action timelines, residents are encouraged to file their claims early and monitor the official status site.
Data breaches targeting medical institutions have become increasingly common, but everyday people shouldn’t have to accept them as an unfixable reality. When you join a class action settlement, you send a clear message to large corporations that keeping consumer data secure must be a top priority.
Don’t stand alone against massive healthcare networks. If you were affected by the Esse Health data incident, locate your mailed notice, visit the settlement portal, and secure your cash benefit and identity protection before the windows close. Remember, there is absolutely no cost or obligation to reach out, check your eligibility, or connect with an experienced attorney to learn more about how you can hold companies accountable.
New cases and investigations, settlement deadlines, and news straight to your inbox.
