Cyberattack on Bell Ambulance Exposes Data of Over 235,000 Individuals
Bell Ambulance, Wisconsin’s largest ambulance provider, confirmed a data breach affecting 237,830 individuals after hackers infiltrated its systems in early 2025. The attack, discovered on February 13, resulted in the theft of sensitive information, including Social Security numbers, driver’s license details, financial accounts, medical records, and health insurance data.
The company, which serves Milwaukee and surrounding cities with over 750 employees handling roughly 140,000 calls annually, engaged cybersecurity experts to investigate and mitigate the breach. Notifications to affected individuals began in April 2025, with additional victims identified through the fall.
The Medusa ransomware gang claimed responsibility for the attack, demanding a $400,000 ransom for the 219 GB of stolen data. The group, active since June 2021, has targeted critical infrastructure, including healthcare and government entities across multiple states. In March 2025, the FBI issued an advisory warning of Medusa’s escalating attacks, noting its use of triple extortion tactics demanding multiple ransom payments under false pretenses.
The breach underscores the persistent threat ransomware groups pose to healthcare and emergency services.
Source: https://therecord.media/235000-affected-cyberattack-ambulance-provider
Bell cybersecurity rating report: https://www.rankiteo.com/company/bell
"id": "BEL1773239202",
"linkid": "bell",
"type": "Ransomware",
"date": "2/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '237,830',
'industry': 'Healthcare, Emergency Services',
'location': 'Milwaukee, Wisconsin, USA',
'name': 'Bell Ambulance',
'size': '750+ employees, 140,000 calls annually',
'type': 'Ambulance Service Provider'}],
'customer_advisories': 'Notifications sent to affected individuals',
'data_breach': {'data_exfiltration': '219 GB of stolen data',
'number_of_records_exposed': '237,830',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Social Security numbers',
'Driver’s license details',
'Financial accounts',
'Medical records',
'Health insurance data']},
'date_detected': '2025-02-13',
'date_publicly_disclosed': '2025-04',
'description': 'Bell Ambulance, Wisconsin’s largest ambulance provider, '
'confirmed a data breach affecting 237,830 individuals after '
'hackers infiltrated its systems in early 2025. The attack '
'resulted in the theft of sensitive information, including '
'Social Security numbers, driver’s license details, financial '
'accounts, medical records, and health insurance data.',
'impact': {'data_compromised': 'Sensitive personal and medical information',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain (ransom)',
'ransomware': {'data_exfiltration': 'Yes',
'ransom_demanded': '$400,000',
'ransomware_strain': 'Medusa'},
'references': [{'source': 'FBI Advisory'}],
'response': {'communication_strategy': 'Notifications to affected individuals',
'third_party_assistance': 'Cybersecurity experts'},
'threat_actor': 'Medusa ransomware gang',
'title': 'Cyberattack on Bell Ambulance Exposes Data of Over 235,000 '
'Individuals',
'type': 'Data Breach, Ransomware'}