Ransomware Crisis Hits Healthcare Sector Again: Over 245,000 Patients Affected in Two Major Data Breaches
The healthcare sector has once again become a prime target for cybercriminals, with two new data breaches exposing the personal and medical details of more than 245,000 individuals. Milwaukee-based Bell Ambulance and Birmingham’s Alabama Ophthalmology Associates have both confirmed suffering ransomware attacks that led to large-scale data compromises — the latest grim additions to an already staggering trend in healthcare-related cyber incidents.
Table of Contents
Bell Ambulance Breach: Medusa Ransomware Strikes Wisconsin Emergency Services
On February 13, 2025, Bell Ambulance, a key provider of emergency medical transportation in Milwaukee, detected suspicious activity within its network. A forensic investigation revealed that attackers had infiltrated the system and accessed highly sensitive files containing patient and employee information. Exposed data includes full names, dates of birth, Social Security numbers, driver’s license details, financial and medical records, and health insurance information. While Bell Ambulance initially withheld specifics on the scope of the breach, the U.S. Department of Health and Human Services (HHS) later confirmed that over 114,000 individuals were affected. The Medusa ransomware group took responsibility for the attack, boasting in early March that they had exfiltrated more than 200 gigabytes of data from Bell’s servers.
Alabama Ophthalmology Associates Compromised by BianLian Ransomware Group
Not long after the Wisconsin attack, Alabama Ophthalmology Associates — a respected eye care practice in Birmingham — disclosed its own ransomware incident. Detected on January 30, the breach was traced back to unauthorized access that began as early as January 22, 2025. By the time it was uncovered, attackers had already siphoned off troves of sensitive patient data, including names and contact details, dates of birth, driver’s license numbers, Social Security numbers, medical histories, and health insurance data. This time, it was the BianLian ransomware gang that claimed responsibility. Known for targeting the healthcare and public sectors, BianLian has rapidly evolved from encrypting data to focusing on pure data theft and extortion. According to the HHS breach portal, more than 131,000 individuals were impacted by this breach.
Healthcare: A Prime Target in the Ransomware Surge
The twin breaches are stark reminders of a troubling trend: healthcare systems continue to be among the most vulnerable to ransomware threats. According to HHS data, over 700 healthcare-related data breaches were disclosed in the U.S. last year alone, with more than 180 million records compromised. Why is healthcare such a magnet for cyberattacks? The answer lies in the richness and value of patient data. Medical records contain a blend of personal identifiers, financial information, and health history — a goldmine for identity thieves and extortionists. Furthermore, many healthcare organizations operate on legacy systems that lack modern cybersecurity defenses, making them ripe for exploitation.
What You Should Do If You’ve Been Affected
If you believe you may be impacted by either of these breaches, it's critical to take immediate action. Monitor your financial accounts and credit reports for suspicious activity. Place a fraud alert or consider a credit freeze with the major credit bureaus. Contact your health insurance provider and healthcare providers to notify them of potential identity theft. Stay alert for phishing emails and scam calls that may follow the breach. As ransomware attacks grow more aggressive and sophisticated, vigilance remains the best defense — especially for those whose most private information has already been exposed.