Bell Ambulance cyberattack exposed data on 235,000 people including patients and EMS staff in 2025

What happened

In February 2025, The Record reported that Bell Ambulance, the largest ambulance provider in Wisconsin, had disclosed a cyberattack affecting more than 235,000 people. The exposed data spanned Social Security numbers, driver's license numbers, financial account details, medical information, and health insurance information.

Bell Ambulance operates throughout the Milwaukee region and supports EMS contracts for multiple municipalities. The exposure included data tied to patients transported by Bell over years of operations as well as EMS personnel, paramedics, and staff in the company's systems.

How it started

The Record reported the attack consistent with a ransomware intrusion. Healthcare and EMS targets have been frequent ransomware victims because the data is high-value and the operational pressure to keep ambulances running creates leverage for attackers.

EMS provider data is uniquely sensitive. It combines patient PHI, including names, dates of birth, and medical histories, with the personnel data of the EMTs and paramedics who run the calls.

What this means for you

If you're a Wisconsin EMT or paramedic, the state's Daniel's Law analog (Wis. Stat. § 757.07 and 2023 Wisconsin Act 235) was written to cover judicial officers and their families. It does not cover you. The general public-records exemption (Wis. Stat. § 19.36) requires a balancing test rather than giving you a clear right of removal.

The Safe at Home address confidentiality program (Wis. Stat. § 165.68) is built around domestic violence and sexual assault victims, not EMS workers. The layer that does reach you, broker removal, is what we run continuously.

Editorial rules: Only public, already-reported incidents. Never name a non-public victim. Always end with the prevention takeaway tied to our service. Cite at minimum one public source per claim.