Two healthcare organizations—Bell Ambulance and Alabama Ophthalmology Associates—have confirmed separate ransomware attacks that compromised the personal data of over 245,000 patients combined.
Bell Ambulance, based in Milwaukee, Wisconsin, revealed it was hit by a network intrusion on February 13, 2025. The ambulance service provider found that hackers had accessed sensitive information, including full names, birth dates, Social Security numbers, driver’s license data, and financial and medical records, along with health insurance details.
While the company’s public notice did not disclose the full scope of the breach, the U.S. Department of Health and Human Services (HHS) reported that 114,000 individuals were affected. Shortly after the incident, the Medusa ransomware group claimed responsibility, stating it had stolen over 200 gigabytes of data from Bell Ambulance’s systems.
Meanwhile, Alabama Ophthalmology Associates, a specialty eye care practice based in Birmingham, confirmed another large-scale healthcare data breach. The organization discovered the network intrusion on January 30, 2025, but further investigation revealed that hackers had been inside its systems since January 22.
The data breach impacted both current and former patients. Information exposed includes names, addresses, birth dates, driver’s license numbers, Social Security numbers, and medical and insurance records. According to the HHS breach portal, this incident affected more than 131,000 individuals.
The BianLian ransomware gang, known for targeting healthcare and critical infrastructure, took credit for the Alabama attack on February 19.
These are just the latest additions to a growing list. In 2024 alone, the HHS reported over 700 data breaches across the U.S. healthcare sector. Altogether, these incidents exposed more than 180 million patient records, highlighting the increasing risks tied to ransomware attacks on medical systems.
