Bell Ambulance Confirms Massive Data Breach Impacting Over 230,000 Patients

Bell Ambulance, Inc., Wisconsin’s largest private emergency medical transport provider, has officially disclosed a major data breach following a year-long investigation into unauthorized network access. The Milwaukee-based company confirmed that a cyberattack, which began in early February 2025, resulted in the exposure of sensitive personal and medical data for 237,830 individuals.

The compromised information reportedly includes names, Social Security numbers, driver’s license details, financial account records, and protected health information, such as medical histories and health insurance data. The incident first came to light on February 13, 2025, when Bell Ambulance detected suspicious activity on its computer systems. Shortly thereafter, the Medusa ransomware group claimed responsibility for the intrusion, asserting that it had exfiltrated approximately 220 gigabytes of data. The hackers issued a $400,000 ransom demand, threatening to auction the stolen information if payment was not received within one week. While the company initially notified 114,000 people of the risk in April 2025, a second internal review completed in February 2026 revealed that the scope of the breach was significantly larger than previously estimated.

In response to the breach, Bell Ambulance has implemented enhanced security measures, including network hardening and universal password resets. The company is now offering affected patients up to 24 months of complimentary credit monitoring and identity protection services through IDX. Security experts and law firms are currently investigating the incident to determine if adequate safeguards were in place to protect patient data. Impacted individuals are being urged to remain vigilant by monitoring their financial statements and credit reports for signs of identity theft or medical fraud.