Bell Ambulance Ransomware Attack Impacts Over 237,000 Individuals

Bell Ambulance, the largest ambulance provider in Wisconsin, reports a major data breach to the Maine Attorney General’s Office on March 9, 2026. 

The incident was caused by a ransomware attack discovered on February 13, 2025, which the company has now confirmed impacted 237,830 individuals. The Medusa ransomware group claimed responsibility for the incident.

Threat actors gained access to the provider's network between February 7 and February 14, 2025. Medusa demanded a $400,000 ransom, which Bell Ambulance reportedly refused to pay. The hackers published the stolen data on a dark web leak site. 

The compromised data includes:

• Full names and dates of birth
• Social Security numbers
• Driver’s license numbers
• Financial account information
• Medical information
• Health insurance information

The number of affected individuals is 237,830. 

Although the company began notifying a subset of victims in April 2025, the full scope of the compromise was not finalized until February 20, 2026. The organization is now providing 12 months of free credit monitoring and identity theft protection services to all impacted individuals.