Bell Ambulance notifies HHS of massive breach

The Wisconsin ambulance service provider has notified the Department of Health and Human Services of a data breach impacting approximately 114,000 individuals. 

 

What happened

On April 14th, 2025, Bell Ambulance submitted a data breach notice to the HHS. According to the notice, the ambulance service’s network server was breached in a “hacking/IT incident.” 

Bell Ambulance also posted a notice online, which stated that the accessed information is still being determined, but likely includes: individuals’ first and last names, dates of birth, Social Security numbers, driver’s license numbers, financial account information, medical information, and/or health insurance information. 

 

Going deeper

Bell Ambulance, which has been operating in Milwaukee, Wisconsin, since the 1970s, currently operates 82 ambulatory vehicles and has over 700 employees throughout Wisconsin.

In their statement, Bell said they became aware of unauthorized activity on their network on February 13th, 2025. They immediately began investigating the incident with the help of forensic specialists who confirmed the breach had taken place. After the confirmation, Bell said they began a review of the impacted portions of the network and added that the review “is currently ongoing.” 

While Bell was able to determine what information was impacted, they have not yet determined who had their information accessed. 

The company said, “In response to this event, Bell secured its network, reset passwords, secured all accounts, and conducted a full investigation into the incident.” The service provider is also in the process of mailing out notice letters to potentially impacted individuals. Bell is encouraging individuals to monitor their credit reports and account statements. 

 

The bottom line

It’s unclear what exactly caused this data breach, but Bell Ambulance has so far been quick to provide information and updates on the investigation. Attacks on healthcare organizations, especially those that utilize ambulatory services, can be particularly devastating. Past attacks have led to the diversion of services. While a quick response is helpful to impacted patients, preventing an attack is the best way to prevent healthcare service disruption. Strong cybersecurity software, like Paubox’s email suite, can help prevent network attacks.  

 

FAQs

Should organizations post a notice if the investigation is still ongoing? 

The HHS requires organizations to send notifications of data breaches impacting 500 or more individuals within 60 days. Notifications can be delayed if the notice could threaten the investigation. Despite the guidelines, it can be helpful to provide a notification to the public early, even if some information is limited. At times, companies will provide updated numbers to the HHS as needed.

 

Are ambulance organizations more likely to be targeted in data breaches? 

Many healthcare organizations are fighting increased threats to their networks. Ambulance organizations are not necessarily more likely to be targeted, but there have been multiple attacks against these organizations in recent months, including a large attack against Medical Express Ambulance.