Wisconsin's largest ambulance provider, Bell Ambulance, recently confirmed that a 2024 cyberattack by the Medusa ransomware gang compromised the sensitive data of over 235,000 individuals. The stolen information included highly private details such as Social Security numbers, medical records, and financial accounts, leading the FBI to issue warnings about the hacking group's aggressive tactics against critical infrastructure.

Bell Ambulance recently submitted official filings revealing that a significant data breach discovered in early 2025 impacted nearly 238,000 people. The Milwaukee based company, which serves as a primary emergency service provider across several Wisconsin cities, identified the intrusion in February and immediately enlisted cybersecurity specialists to manage the fallout. Despite initial recovery efforts starting in the spring, the full scale of the theft only became clear as more victims were identified through the later months of the year.

The information exfiltrated during the attack is comprehensive and poses a high risk to those affected. Hackers managed to seize a wide array of personal data, including driver's license numbers, health insurance details, and specific medical information. Because the provider manages approximately 140,000 calls annually and employs hundreds of staff members, the scope of the exposure spans a wide demographic of patients and employees throughout the region.

The Medusa ransomware group eventually claimed responsibility for the breach, demanding a payment of 400,000 dollars to prevent the release of over 200 gigabytes of stolen data. This criminal organization operates on a ransomware as a service model and has been active since mid 2021. Their involvement prompted federal authorities to take a closer look at the group's patterns, as they have a history of targeting essential services like healthcare and government institutions.

Shortly after the incident with the ambulance service, the FBI and other law enforcement agencies released an urgent advisory regarding the Medusa gang. This group has successfully targeted various high profile entities, ranging from medical firms and manufacturing companies to major organizations like NASCAR. The federal alert highlighted that the group had already been responsible for more than 300 attacks on critical infrastructure across multiple states.

Law enforcement officials warned that the group often employs sophisticated extortion techniques to maximize their profits. In some instances, they have used triple extortion schemes where victims are pressured by multiple actors within the same criminal group even after an initial payment is made. This specific attack on Wisconsin's emergency infrastructure serves as a stark reminder of the persistent threats facing the medical sector and the complexities involved in recovering from modern cybercrimes.

Source: Cyberattack On Wisconsin’s Largest Ambulance Provider Impacts 235,000 People