Key Findings

* Bell Ambulance experienced a data breach affecting 237,830 individuals

* Unauthorized network access occurred in February 2025

* Medusa ransomware group claimed responsibility for the attack

* Exposed data includes personal, financial, and medical information

* Company offered 12 months of free credit monitoring to affected individuals

Background

Bell Ambulance is an emergency medical services provider based in Milwaukee, Wisconsin. The organization offers ambulance transport, paramedic care, and patient support across multiple communities. On February 13, 2025, the company first detected unauthorized activity within its computer network, initiating an immediate investigation into the potential security breach.

Incident Timeline

The breach investigation revealed that unauthorized access occurred between February 7-14, 2025. Initially, Bell Ambulance identified 114,000 potentially impacted individuals, but subsequent review expanded the number to 237,830 individuals. The company completed its comprehensive internal review on February 20, 2026, and began issuing notification letters to affected individuals.

Compromised Information

The data breach exposed multiple sensitive information types, including:

* Full names

* Social Security numbers

* Dates of birth

* Driver's license numbers

* Financial account details

* Medical information

* Health insurance data

Ransomware Group Involvement

The Medusa ransomware group claimed responsibility for the intrusion on March 2, 2025. They alleged to have exfiltrated approximately 220 GB of data and demanded a $400,000 ransom, threatening to auction the stolen information if payment was not received within seven days.

Mitigation and Response

Bell Ambulance took several immediate actions following the breach:

* Secured affected network accounts

* Reset all passwords

* Engaged external forensic specialists

* Implemented additional security measures

* Offered complimentary credit monitoring services

* Established a support line for affected individuals

Recommendations for Affected Individuals

The company advised potentially impacted individuals to:

* Monitor financial statements

* Review credit reports

* Report suspicious activities

* Consider placing fraud alerts

* Utilize provided identity protection services

Sources

• https://hackread.com/bell-ambulance-confirms-data-breach/

• https://securityaffairs.com/189343/data-breach/bell-ambulance-data-breach-impacted-over-238000-people.html

• https://bulletproofservers.hk/blog/bell-ambulance-confirms-data-breach-impacting-237830-individuals/

• https://www.reddit.com/r/cybersecurity/comments/1rr245u/bell_ambulance_wisconsin_data_breach_exposes/

• https://www.securityweek.com/238000-impacted-by-bell-ambulance-data-breach/