Bell Ambulance Data Breach Exposes Sensitive Medical Records of 238,000 Patients

A massive data breach at U.S.-based Bell Ambulance has exposed the highly sensitive personal and medical information of nearly 238,000 individuals. The Medusa ransomware group has claimed responsibility for the cyberattack, which resulted in the theft and subsequent leak of over 219 GB of critical data. This incident highlights the severe vulnerabilities facing emergency medical service providers and the devastating impact on patient privacy.

The unauthorized access occurred between February 7 and February 14, 2025, with Bell Ambulance first detecting the intrusion on February 13. Following the discovery, the organization immediately engaged third-party forensic specialists to investigate the scope of the compromise. The medical services provider officially disclosed the breach in April 2025 after the Medusa ransomware group publicly claimed the attack.

After a prolonged and thorough review that concluded on February 20, 2026, the company confirmed the exact nature of the stolen data. The compromised information includes names, Social Security numbers, dates of birth, and driver’s licenses. Furthermore, highly sensitive financial details, medical records, and health insurance information were also exposed, putting 237,830 patients and individuals at significant risk of identity theft.

In response to the severe security incident, Bell Ambulance has reset all system passwords and secured its network accounts. The organization recently filed a formal data breach notification with the Maine Attorney General's Office to comply with regulatory requirements. To assist those affected, the company is offering 12 months of free credit monitoring and identity protection services.

The Bell Ambulance data breach serves as a grim reminder that healthcare and emergency services remain prime targets for ransomware syndicates like Medusa. The fact that it took over a year - from the initial intrusion in February 2025 to the final review completion in February 2026 - to fully identify all impacted individuals underscores the immense complexity of auditing compromised medical networks. Moving forward, healthcare providers must adopt Zero Trust architectures and strict data segmentation to prevent lateral movement during such attacks, as the exposure of Social Security numbers alongside medical histories creates a perfect storm for long-term medical identity theft.

What information was stolen in the Bell Ambulance breach?
The exposed data includes names, Social Security numbers, birth dates, driver’s licenses, financial details, and sensitive medical and health insurance information.

Who is responsible for the cyberattack?
The Medusa ransomware group claimed responsibility for the attack, stating they stole and leaked over 219 GB of data from the organization.

What should affected individuals do?
Impacted individuals should enroll in the 12 months of free credit monitoring offered by Bell Ambulance, closely monitor their financial and medical statements, and report any suspicious activity immediately.