Milwaukee’s largest private ambulance provider is dealing with a cyber mess of its own. Bell Ambulance confirmed this week that a ransomware attack first spotted in February 2025 exposed personal and medical records for roughly 237,830 people. The Medusa ransomware group quickly claimed the hit, boasting that it had swiped hundreds of gigabytes of data and demanding a payout. Bell says it has since locked down its systems, spent the past year combing through files, and is now finishing up notification letters to everyone it believes was caught in the blast radius.
How Bell Says the Hack Went Down
According to a public notice, Bell says it detected “unauthorized activity” on its network on February 13, 2025, then pulled in third‑party forensic specialists to figure out what happened and how bad it was.
“Importantly, there is no evidence to suggest that information has been, or will be misused at this time,” the company wrote. The internal review found that affected files could include names plus one or more of the following: dates of birth, Social Security numbers, driver’s license numbers, financial account details, and medical and insurance information.
Bell also lays out recommended next steps for anyone who gets a letter and says it has set up a dedicated assistance line to field questions, according to Bell Ambulance.
Ransomware Gang Takes a Bow, Feds Sound the Alarm
Cybersecurity outlets report that the Medusa ransomware group took responsibility for the attack in early March 2025, posting evidence that about 219 GB of data had been stolen and demanding roughly $400,000 to keep it under wraps. The group has been repeatedly flagged as a continuing headache for hospitals and other critical infrastructure…