A ransomware-linked cyberattack on MedEx has exposed the personal and medical data of over 118,000 patients.
Medical Express Ambulance Service (MedEx), a private ambulance company based in Skokie, Illinois, has disclosed a cybersecurity breach that exposed sensitive data belonging to 118,418 individuals. The breach, detected over a year ago, was only recently confirmed and made public through a filing with the Maine Attorney General’s office. Although not explicitly stated, the language used in official statements suggests the incident was a ransomware attack.
The company first noticed the breach on March 18, 2024, following a network disruption that disrupted core systems. Forensic investigations by third-party cybersecurity experts revealed that attackers gained access to systems storing patient data, putting a broad range of personally identifiable information at risk.
The forensic process concluded on January 30, 2025, and notification letters were mailed on April 14, 2025, after compiling a finalized list of affected individuals. Compromised data may include names, birth dates, Social Security numbers, driver’s license details, health and insurance information, financial data, login credentials, and even passport numbers for some patients.
Despite the scope of the breach, MedEx has stated there is no evidence that the stolen data has been misused. As a precaution, the company is offering 12 months of complimentary credit monitoring and identity theft protection. Among the 118,418 affected individuals, 49 were residents of Maine.
MedEx operates more than 80 ambulances and employs over 375 people, serving a wide swath of Illinois. The delay in public notification proves ongoing challenges healthcare providers face when balancing investigation timelines with disclosure obligations.
MedEx did not provide many public statements beyond the formal notification. However, the extended timeline, spanning more than a year from discovery to disclosure, raises questions about transparency and response speed.
Cybersecurity experts continue to warn that healthcare and emergency service providers remain prime targets for cybercriminals due to outdated IT systems and the high value of medical data on the black market.
The MedEx breach shows how fragile patient privacy has become in the face of ransomware. It wasn’t a hospital, but an ambulance service, proof that no corner of healthcare is off-limits. When disclosure takes over a year, the breach doesn’t just expose data; it exposes cracks in the system that are meant to protect it.
MedEx may face scrutiny under state data breach notification laws and HIPAA regulations, which require timely communication once a breach is confirmed.
Ransomware can paralyze dispatch systems, delay response times, and disrupt patient care coordination, posing serious risks to public safety.
Health records contain a mix of personal, financial, and insurance information that can be used for identity theft, fraudulent billing, or sold on the dark web.
Look for providers that offer transparent data protection policies, use encrypted portals, and have clear breach response plans in place.
They should invest in routine vulnerability assessments, endpoint protection, staff training, and incident response protocols tailored to 24/7 operations.