Bell Ambulance, Inc., an emergency medical transport provider based in Milwaukee, Wisconsin, has disclosed a data breach after an unauthorized individual accessed data within its network.
The company said it detected suspicious activity in December 2025, when it identified unauthorized activity affecting its computer systems. The investigation later determined that the unauthorized access had occurred earlier, in February 2025.
After discovering the incident, Bell Ambulance secured affected accounts, reset passwords, and engaged external forensic specialists to investigate the scope and impact of the breach. The forensic investigation confirmed that an unauthorized party accessed data stored on the company’s network. Following that discovery, Bell Ambulance conducted a detailed review of the affected systems to determine which information was involved and which individuals were impacted.
According to the breach notification, the exposed information may include an individual’s first and last name combined with other personal data elements. The exact additional data involved varies by person and is specified individually in the notification letters sent to affected individuals.
Bell Ambulance began notifying affected individuals once sufficient information became available during the review process. The company sent an initial round of notifications on April 18, 2025, and later issued additional notices on January 15, 2026, after identifying more individuals whose data may have been affected. The internal review determining the full scope of impacted information was completed on February 20, 2026.
As part of its response, Bell Ambulance states that it implemented security measures and conducted a full investigation into the incident. The company is also offering affected individuals 12 or 24 months of complimentary credit monitoring and identity protection services through IDX.
The breach notification advises affected individuals to monitor financial statements, review credit reports, and report any suspicious activity to financial institutions. It also outlines options such as placing fraud alerts or credit freezes with major credit reporting agencies to reduce the risk of identity theft.
Bell Ambulance has established a support line for individuals seeking additional information about the incident and the identity protection services being offered.
Not The First Time
This is not the first time Bell Ambulance has dealt with a data security incident. On February 13, 2025, the organization detected unauthorized activity within its network and notified employees about disruptions affecting internal IT systems. The company then launched an investigation to determine whether any sensitive information had been accessed or compromised.
A later update on April 22 confirmed that the breach affected 114,000 individuals. The exposed data may include dates of birth, Social Security numbers, driver’s license numbers, financial account details, medical information, and health insurance data.
On March 2, 2025, the ransomware group Medusa claimed responsibility for the intrusion. The group stated that it exfiltrated approximately 220 GB of data and demanded a $400,000 ransom, warning that the stolen information would be auctioned if the payment was not made within seven days.
