Medusa ransomware attack on Bell Ambulance impacted 114,000 individuals

U.S. ambulance service Bell Ambulance said the data security incident it suffered earlier this year compromised the sensitive personal information of approximately 114,000 individuals.

 

Based in Wisconsin, Bell Ambulance operates a fleet of more than 80 ambulances and caters to residents of Milwaukee County, Waukesha County, Racine County, and Southeastern Wisconsin.

 

In a data security incident notice published on its website, Bell Ambulance said that on February 13, it became aware of a network disruption that impacted certain internal systems. 

 

The ambulance service provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. Bell also took the affected systems offline and notified relevant law enforcement authorities about the incident.

 

“This investigation confirmed an unauthorised individual accessed data within its network,” the ambulance service said.

 

The compromised data included names, dates of birth, Social Security numbers, driver’s license numbers, financial account information, medical information, and health insurance information. 

Bell Ambulance reported the cyber security incident to the U.S. Department of Health and Human Services Office for Civil Rights, stating that it identified at least 114,000 individuals who were impacted by the incident.

 

“In response to this event, Bell secured its network, reset passwords, secured all accounts, and conducted a full investigation into the incident,” Bell added.

 

While Bell found no evidence of the compromise data being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

In March, the infamous Medusa ransomware group claimed responsibility for the cyber attack on Bell Ambulance and listed it as a victim on its data leak site.

 

 

The group claimed to be in possession of 210.50GB of confidential data stolen from the ambulance service provider and gave the company a deadline of a week to pay a ransom, threatened to leak the stolen data if its demand wasn’t met. It isn’t clear if the ambulance service engaged with the ransomware group or paid a ransom.