235,000 affected by cyberattack on largest ambulance provider in Wisconsin

Steven

235,000 affected by cyberattack on largest ambulance provider in Wisconsin

Summary

Bell Ambulance, Wisconsin’s largest ambulance provider, confirmed a data breach impacting 237,830 people. Attackers stole Social Security numbers, driver’s licence numbers, financial account details, medical information and health insurance data. The company discovered the incident on 13 February 2025, began notifying some affected people in April 2025, and identified additional victims through the autumn. The Medusa ransomware gang claimed responsibility and demanded $400,000 for 219 GB of stolen data. The FBI later issued an advisory highlighting Medusa’s pattern of attacks on critical infrastructure and use of triple-extortion tactics.

Key Points

  • 237,830 people had personal and medical data exposed in the Bell Ambulance breach.
  • Incident discovered on 13 February 2025; notifications began in April 2025 with more victims found later in 2025.
  • Compromised data included Social Security numbers, driver’s licence numbers, financial accounts and health information.
  • Medusa ransomware gang claimed the attack and demanded $400,000 for 219 GB of data; FBI warning links Medusa to dozens of critical-infrastructure attacks.
  • Bell Ambulance operates across multiple Wisconsin cities, employs over 750 staff and handles about 140,000 ambulance calls a year.

Content summary

The article reports a major cyberattack on an emergency services provider that exposed a large volume of sensitive personal and medical records. It connects the breach to Medusa’s wider campaign against US critical infrastructure, noting law enforcement concerns about the group’s extortion techniques and scale.

Context and Relevance

This incident highlights persistent risks to healthcare and emergency-service organisations, where data theft can harm patient privacy and potentially disrupt operations. Security teams, healthcare administrators and incident responders should be alert to ransomware-as-a-service threats and triple-extortion schemes, and should review incident response and notification practices accordingly.

Why should I read this

Quick take: a big ambulance provider got hit, lots of sensitive info got nicked, and a known nasty gang (Medusa) is involved. If you work in healthcare, security or manage incident response — or just care about patient privacy — this saves you time by flagging what happened and what to watch for.

Author style

Punchy: this story matters — it combines large-scale personal data loss with an attack on critical public services. Read the detail if you need to act, advise others or assess risk.

Source

Source: https://therecord.media/235000-affected-cyberattack-ambulance-provider