Esse Health Agrees to $2.525 Million Settlement in Data Breach Litigation

American Multispecialty Group, doing business as Esse Health, agreed to pay $2,525,000 to resolve consolidated class action litigation related to an April 2025 cyberattack and data breach affecting individuals associated with the Missouri-based physician group serving the greater St. Louis area.

Esse Health detected the cyberattack on April 21, 2025. A forensic investigation confirmed that hackers obtained sensitive information that included names, addresses, dates of birth, medical information, and medical insurance details. Approximately 5,000 individuals also had Social Security numbers compromised in the incident.

In compliance with HIPAA laws, Esse Health reported the data breach to the HHS Office for Civil Rights as affecting the electronic protected health information (ePHI) of 23,671 patients. The Maine Attorney General was informed that 263,601 individuals were affected. The lawsuit stated that approximately 521,167 individuals were affected.

Esse Health announced the data breach on May 15, 2025. A class action lawsuit was subsequently filed by Plaintiff Casten Clausner in the U.S. District Court for the Eastern District of Missouri. Seven additional plaintiffs later filed related actions in state court in St. Louis County and the City of St. Louis.

The separate actions were consolidated in June 2025 in the 22nd Judicial Circuit Court of St. Louis City, Missouri, under the case Clausner et al. v. American Multispecialty Group.

Allegations in the Consolidated Litigation

The consolidated lawsuit alleged that the data breach could have been prevented and claimed the incident resulted from a failure to implement reasonable and proper cybersecurity protection.

The lawsuit asserts claims of invasion of privacy, breach of confidence, breach of implied contract, breach of fiduciary duty, negligence, negligence per se, unjust enrichment, and violation of the Missouri Merchandise Practices Act, and requests declaratory and injunctive relief.

Esse Health denied wrongdoing and denied liability in connection with the litigation. The parties agreed to settle following mediation to avoid continued litigation costs and associated risks.

Settlement Terms

Under the terms of the settlement agreement, Esse Health will establish a $2,525,000 settlement fund. The fund will be used to cover attorneys’ fees and expenses, settlement administration and notification costs, class member benefits, and service awards for the eight class representatives.

After deductions for approved costs and expenses, the remaining balance of the settlement fund will be distributed for class member benefits. The settlement does not provide reimbursement claims for documented losses. Instead, class members are eligible for a pro rata cash payment that is expected to be approximately $50 per class member. The payment amount may vary depending on the number of claims submitted.

Class members are also eligible to enroll in two years of medical identity protection services. The services include a $1 million medical identity theft insurance policy. Esse Health will pay separately for the medical identity protection services.

The settlement received preliminary court approval. The deadline for objections to the settlement and requests for exclusion is July 5, 2026. Claims must be submitted by August 4, 2026. The final approval hearing is scheduled for August 3, 2026.

Daniel Lopez

Daniel Lopez stands out as an exceptional HIPAA trainer, dedicated to elevating standards in healthcare data protection and privacy. Daniel, recognized as a leading authority on HIPAA compliance, serves as the HIPAA specialist for Healthcare IT Journal. He consistently offers insightful and in-depth perspectives on a wide range of HIPAA-related topics, addressing both typical and complex compliance issues. With his extensive experience, Daniel has made significant contributions to multiple publications such as hipaacoach.com, ComplianceJunction, and The HIPAA Guide, enriching the field with his deep knowledge and practical advice in HIPAA regulations. Daniel offers a comprehensive training program that covers all facets of HIPAA compliance, including privacy, security, and breach notification rules. Daniel's educational background includes a degree in Health Information Management and certifications in data privacy and security. You can contact Daniel via HIPAAcoach.com.
