Bell Ambulance Data Breach Impacted over 238,000 People

Healthcare organizations have become prime targets for cybercriminals, driven by the high value of personal health information on the black market. Recent reports show a steady rise in ransomware incidents across hospitals and ambulance services, prompting regulators to tighten compliance frameworks such as HIPAA and state-level data breach statutes. The Bell Ambulance breach underscores how even mid‑size EMS providers, which often lack the robust security budgets of larger hospital systems, can suffer catastrophic data loss when attackers exploit unpatched network vulnerabilities.

The Bell Ambulance incident unfolded when unauthorized activity was detected on February 13, 2025, leading to a rapid forensic response. The Medusa ransomware group claimed responsibility, alleging the exfiltration of more than 219 GB of data that included names, Social Security numbers, driver’s licenses, and detailed medical records. Bell’s investigation, completed a year later on February 20, 2026, confirmed the scope of exposure and triggered a series of remedial actions: password resets, account hardening, and the provision of twelve months of free credit monitoring for affected individuals. The company also coordinated with the Maine Attorney General’s Office, issuing breach notifications in April 2025 and again in early 2026 as additional victims were identified.

For the broader industry, the breach serves as a cautionary tale about the need for continuous security monitoring, rapid incident response, and transparent communication with regulators and patients. Organizations are urged to adopt zero‑trust architectures, conduct regular penetration testing, and maintain up‑to‑date encryption for stored health data. As enforcement actions increase, providers that proactively invest in cyber resilience will not only protect patient privacy but also safeguard their reputations and avoid costly fines.