Bell Ambulance: Two Healthcare Orgs Hit by Ransomware Confirm Data Breaches Impacting Over 100,000

Two Major Healthcare Ransomware Attacks Expose Data of Over 245,000 Patients

Two U.S. healthcare organizations have confirmed ransomware attacks resulting in data breaches affecting more than 245,000 individuals. Both incidents involved the theft of sensitive personal and medical information.

Bell Ambulance (Milwaukee, WI)
Bell Ambulance, a Wisconsin-based emergency medical services provider, detected a network intrusion on February 13, 2025. An investigation revealed that hackers accessed files containing names, dates of birth, Social Security numbers (SSNs), driver’s license details, financial data, medical records, and health insurance information. While the company did not disclose the number of affected individuals, the U.S. Department of Health and Human Services (HHS) breach tracker later reported 114,000 impacted patients. The Medusa ransomware group claimed responsibility in early March, alleging the theft of over 200 GB of data.

Alabama Ophthalmology Associates (Birmingham, AL)
The Birmingham-based ophthalmology practice disclosed a breach on April 10, 2025, after detecting unauthorized access on January 30. Forensic analysis determined that hackers had infiltrated its systems as early as January 22, compromising patient data including names, addresses, dates of birth, driver’s license numbers, SSNs, medical records, and health insurance details. The BianLian ransomware group claimed the attack on February 19, and the HHS breach tracker confirmed 131,000 affected individuals.

These incidents contribute to a growing trend of healthcare cyberattacks, with over 700 breaches reported in the U.S. last year, exposing more than 180 million records. Both organizations are among the latest high-profile targets in an ongoing wave of ransomware threats against the healthcare sector.

Source: https://www.securityweek.com/two-healthcare-orgs-hit-by-ransomware-confirm-data-breaches-impacting-over-100000/

Bellagio cybersecurity rating report: https://www.rankiteo.com/company/bellagio

"id": "BEL1768388694",
"linkid": "bellagio",
"type": "Ransomware",
"date": "4/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '114,000',
                        'industry': 'Healthcare',
                        'location': 'Milwaukee, WI, USA',
                        'name': 'Bell Ambulance',
                        'type': 'Healthcare (Ambulance Services)'},
                       {'customers_affected': '131,000',
                        'industry': 'Healthcare',
                        'location': 'Birmingham, AL, USA',
                        'name': 'Alabama Ophthalmology Associates',
                        'type': 'Healthcare (Ophthalmology Practice)'}],
 'customer_advisories': 'Public data security notices issued',
 'data_breach': {'data_exfiltration': 'Yes (200 Gb claimed by Medusa '
                                      'ransomware group)',
                 'number_of_records_exposed': ['114,000', '131,000'],
                 'personally_identifiable_information': 'Names, dates of '
                                                        'birth, SSNs, driver’s '
                                                        'license numbers',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)',
                                              'Financial Information']},
 'date_detected': ['2025-02-13', '2025-01-30'],
 'date_publicly_disclosed': ['2025-04-03', '2025-04-10'],
 'description': 'Two healthcare organizations confirmed data breaches '
                'impacting over 100,000 individuals each due to ransomware '
                'attacks. Bell Ambulance detected a network intrusion on '
                'February 13, 2025, with hackers accessing sensitive personal '
                'and medical information. Alabama Ophthalmology Associates '
                'detected a breach on January 30, 2025, with unauthorized '
                'access since January 22, compromising patient data.',
 'impact': {'data_compromised': 'Personal and protected health information, '
                                'including names, dates of birth, SSNs, '
                                'driver’s license numbers, medical and health '
                                'insurance information, and financial data',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain',
 'ransomware': {'data_exfiltration': 'Yes',
                'ransomware_strain': ['Medusa', 'BianLian']},
 'references': [{'source': 'Department of Health and Human Services (HHS) data '
                           'breach tracker'},
                {'source': 'Medusa ransomware group announcement'},
                {'source': 'BianLian ransomware group announcement'}],
 'regulatory_compliance': {'regulations_violated': ['HIPAA'],
                           'regulatory_notifications': 'Reported to HHS'},
 'response': {'communication_strategy': 'Public data security notices'},
 'threat_actor': ['Medusa ransomware group', 'BianLian ransomware group'],
 'title': 'Ransomware Attacks on Bell Ambulance and Alabama Ophthalmology '
          'Associates',
 'type': 'Ransomware'}

Bell Ambulance: Two Healthcare Orgs Hit by Ransomware Confirm Data Breaches Impacting Over 100,000

Bol.com: Dutch ecommerce site Bol.com investigates claims of a data breach

TP-Link: Hackers Use CVE-2024-3721 to Infect TBK DVRs With Nexcorium DDoS Malware

Iberdrola, BePrime, ArcelorMittal and Alsea: Breach at cybersecurity company exposes client data and surveillance systems