Bell Ambulance data breach impacted over 238,000 people

AndyC 12 March 2026

Bell Ambulance data breach impacted over 238,000 people

Bell Ambulance data breach impacted over 238,000 people

Bell Ambulance data breach impacted over 238,000 people

Bell Ambulance data breach impacted over 238,000 people

Pierluigi Paganini
March 12, 2026

Bell Ambulance confirms a February 2025 breach affecting 238,000 people, exposing personal, financial, and health information.

Nearly 238,000 individuals are impacted by a February 2025 Bell Ambulance data breach. Bell Ambulance is a U.S.-based emergency medical services provider offering ambulance transport, paramedic care, and patient support. It serves communities with urgent medical response, interfacility transfers, and non-emergency transport, focusing on patient safety and timely care.

On February 13, 2025, Bell Ambulance detected unauthorized access to its network and started investigating the incident with the help of forensic specialists. Investigation confirmed data exposure, and the company started reviewing affected systems.

The medical services provider disclosed the security breach on April 14, after the Medusa ransomware group claimed responsibility for the attack and the theft of over 219 GB of data. The ransomware group has leaked the allegedly stolen data.

The organization completed the review on February 20, 2026. This week, Bell Ambulance reported the incident to the Maine Attorney General, revealing that attackers accessed its network between February 7 and 14, 2025.

“On February 13, 2025, we became aware of unauthorized activity on our computer network and immediately engaged third-party forensic specialists to determine the full nature and scope of the incident. This investigation confirmed an unauthorized individual accessed data within the Bell network. We then began a thorough review of the impacted portions of our network to determine the type of information contained therein and to whom the information related.” reads the data breach notification letter shared with the Maine Attorney General Office. “While that review continued, Bell notified those individuals it was able to identify and for whom Bell had reliable address information on April 18, 2025. Additional individuals were identified and notified on January 15, 2026. On February 20, 2026, the review was completed and Bell confirmed information related to you was impacted.”

The data breach impacted 237830 individuals, exposing names, Social Security numbers, birth dates, driver’s licenses, financial, medical, and health insurance information. Bell completed its investigation on February 20, 2026, and issued notifications to those impacted.

In response to the incident, Bell Ambulance reset all passwords, secured accounts, and completed a full investigation. The organization offers the impacted individuals 12 months of free credit monitoring and identity protection. Bell advises monitoring credit reports and account statements, reporting suspicious activity, and following enclosed guidance to protect personal information.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , , , , , , , , ,

More Stories

Pro-Palestinian hacktivist group Handala targets Stryker in global disruption

Pro-Palestinian hacktivist group Handala targets Stryker in global disruption

AndyC 12 March 2026
BeatBanker malware targets Android users with banking Trojan and crypto miner

BeatBanker malware targets Android users with banking Trojan and crypto miner

AndyC 12 March 2026
Smashing Security podcast #458: How not to steal million from the US government

Smashing Security podcast #458: How not to steal $46 million from the US government

AndyC 12 March 2026
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

AndyC 12 March 2026
Hewlett Packard Enterprise fixes critical authentication bypass in Aruba AOS-CX

Hewlett Packard Enterprise fixes critical authentication bypass in Aruba AOS-CX

AndyC 12 March 2026
KadNap bot compromises 14,000+ devices to route malicious traffic

KadNap bot compromises 14,000+ devices to route malicious traffic

AndyC 12 March 2026

You may have missed

Bell Ambulance data breach impacted over 238,000 people

Bell Ambulance data breach impacted over 238,000 people

AndyC 12 March 2026
Iranian Hackers Attack U.S. Company Stryker in Escalation of Cyber War

SafeNet Trusted Access is Now Available on Google Cloud Marketplace

AndyC 12 March 2026
CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

AndyC 12 March 2026
Pro-Palestinian hacktivist group Handala targets Stryker in global disruption

Pro-Palestinian hacktivist group Handala targets Stryker in global disruption

AndyC 12 March 2026
BeatBanker malware targets Android users with banking Trojan and crypto miner

BeatBanker malware targets Android users with banking Trojan and crypto miner

AndyC 12 March 2026

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.