Bell Ambulance Suffers Major Data Breach in Medusa Ransomware Attack
In February 2025, Wisconsin-based Bell Ambulance, a leading emergency medical services provider, fell victim to a cyberattack by the Medusa ransomware-as-a-service operation. The breach compromised sensitive data belonging to 237,830 individuals, including Social Security numbers, financial account details, driver’s license numbers, medical records, and health insurance information.
Bell Ambulance disclosed the incident in breach notices filed with Maine regulators, confirming that threat actors exfiltrated the data. While the company began sending breach notifications in April 2025, additional victims were identified in the following months. The attack traces back to a 2024 ransom demand by Medusa, which sought $400,000 in exchange for not leaking the stolen 219 GB of data.
The FBI has since highlighted Medusa’s growing threat, noting that the group has targeted over 300 critical infrastructure organizations since its emergence in June 2021. The Bell Ambulance breach underscores the persistent risks posed by ransomware operations to healthcare and emergency services.
Source: https://www.scworld.com/brief/bell-ambulance-breach-impacts-over-237k
Bell cybersecurity rating report: https://www.rankiteo.com/company/bell
"id": "BEL1773383385",
"linkid": "bell",
"type": "Ransomware",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '237,830',
'industry': 'Healthcare',
'location': 'Wisconsin, USA',
'name': 'Bell Ambulance',
'type': 'Emergency medical services provider'}],
'customer_advisories': 'Breach notifications sent to affected individuals',
'data_breach': {'data_exfiltration': '219 GB of data',
'number_of_records_exposed': '237,830',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Social Security numbers',
'Financial account details',
'Driver’s license numbers',
'Medical records',
'Health insurance information']},
'date_detected': '2025-02',
'date_publicly_disclosed': '2025-04',
'description': 'In February 2025, Wisconsin-based Bell Ambulance, a leading '
'emergency medical services provider, fell victim to a '
'cyberattack by the Medusa ransomware-as-a-service operation. '
'The breach compromised sensitive data belonging to 237,830 '
'individuals, including Social Security numbers, financial '
'account details, driver’s license numbers, medical records, '
'and health insurance information. The attack traces back to a '
'2024 ransom demand by Medusa, which sought $400,000 in '
'exchange for not leaking the stolen 219 GB of data.',
'impact': {'data_compromised': 'Sensitive data of 237,830 individuals, '
'including Social Security numbers, financial '
'account details, driver’s license numbers, '
'medical records, and health insurance '
'information',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'motivation': 'Financial gain',
'ransomware': {'data_exfiltration': 'Yes',
'ransom_demanded': '$400,000',
'ransomware_strain': 'Medusa'},
'references': [{'source': 'Maine regulators breach notices'},
{'source': 'FBI report on Medusa ransomware'}],
'regulatory_compliance': {'regulatory_notifications': 'Breach notices filed '
'with Maine regulators'},
'response': {'communication_strategy': 'Breach notifications sent to affected '
'individuals'},
'threat_actor': 'Medusa ransomware-as-a-service operation',
'title': 'Bell Ambulance Suffers Major Data Breach in Medusa Ransomware '
'Attack',
'type': 'Ransomware'}