Bell Ambulance, a healthcare provider based in Milwaukee, Wisconsin, has announced that the personal, financial, and health information of approximately 238,000 individuals was compromised in a cyberattack that occurred in February 2025. The breach was attributed to the Medusa ransomware group, which has claimed responsibility for the intrusion.
Details of the Cyber Incident
The incident was detected by Bell Ambulance on February 13, 2025, and publicly disclosed on April 14 of the same year. Initially, the organization reported that 114,000 individuals were affected. However, recent notifications to the Maine Attorney General’s Office have updated this number to nearly 238,000, revealing the extent of the breach.
The attackers were reportedly active within Bell’s network from February 7 to February 14, 2025. Bell Ambulance has since completed its investigation into the incident, concluding its findings on February 20, 2026. The compromised data includes sensitive information such as names, Social Security numbers, dates of birth, driver’s license numbers, as well as financial and medical details.
Response and Mitigation Efforts
In response to the breach, Bell Ambulance has taken several actions to secure its network. Measures include resetting passwords, securing all accounts, and performing a comprehensive investigation to understand the breach’s scope. To mitigate potential harm, the organization is offering 12 months of complimentary credit monitoring and identity protection services to those affected.
Bell Ambulance advises individuals to remain vigilant against potential fraud and identity theft, encouraging them to monitor their financial and personal accounts closely.
Implications and Further Developments
In March 2025, the Medusa ransomware group claimed to have extracted 219.50 GB of data from Bell Ambulance’s systems. The group has since made this data publicly available, suggesting that Bell Ambulance did not comply with ransom demands. This breach adds to a growing list of cybersecurity incidents affecting various sectors, including recent breaches at Michelin, Ericsson, and LexisNexis.
As cyber threats continue to evolve, organizations are urged to enhance their security protocols and maintain robust defenses to protect sensitive information. The incident serves as a reminder of the importance of cybersecurity in safeguarding personal and financial data.
