Bell Ambulance Suffers Major Data Breach in Medusa Ransomware Attack In February 2025, Wisconsin-based Bell Ambulance, a leading emergency medical services provider, fell victim to a cyberattack by the Medusa ransomware-as-a-service operation. The breach compromised sensitive data belonging to 237,830 individuals, including Social Security numbers, financial account details, driver’s license numbers, medical records, and health insurance information. Bell Ambulance disclosed the incident in breach notices filed with Maine regulators, confirming that threat actors exfiltrated the data. While the company began sending breach notifications in April 2025, additional victims were identified in the following months. The attack traces back to a 2024 ransom demand by Medusa, which sought $400,000 in exchange for not leaking the stolen 219 GB of data. The FBI has since highlighted Medusa’s growing threat, noting that the group has targeted over 300 critical infrastructure organizations since its emergence in June 2021. The Bell Ambulance breach underscores the persistent risks posed by ransomware operations to healthcare and emergency services.

Cyberattack on Bell Ambulance Exposes Data of Over 235,000 Individuals Bell Ambulance, Wisconsin’s largest ambulance provider, confirmed a data breach affecting 237,830 individuals after hackers infiltrated its systems in early 2025. The attack, discovered on February 13, resulted in the theft of sensitive information, including Social Security numbers, driver’s license details, financial accounts, medical records, and health insurance data. The company, which serves Milwaukee and surrounding cities with over 750 employees handling roughly 140,000 calls annually, engaged cybersecurity experts to investigate and mitigate the breach. Notifications to affected individuals began in April 2025, with additional victims identified through the fall. The Medusa ransomware gang claimed responsibility for the attack, demanding a $400,000 ransom for the 219 GB of stolen data. The group, active since June 2021, has targeted critical infrastructure, including healthcare and government entities across multiple states. In March 2025, the FBI issued an advisory warning of Medusa’s escalating attacks, noting its use of triple extortion tactics demanding multiple ransom payments under false pretenses. The breach underscores the persistent threat ransomware groups pose to healthcare and emergency services.

Hackers have illegally obtained customer information, primarily subscriber names and e-mail addresses. Up to 100,000 customers were affected by the hack. Hackers accessed nearly 1.9 million Bell customer e-mail addresses as well as 1,700 names and phone numbers.

Bell suffered from a data breach incident that exposed1.9 million customer e-mail addresses, and 700 names and phone numbers were illegally accessed. Financial, password or other sensitive personal information was not accessed. Bell takes swift action to protect vulnerable systems. The business has contacted the Office of the Privacy Commissioner and has been closely collaborating with the RCMP cybercrime unit in its investigation.