Ransomware Strikes Bell Ambulance and Alabama Ophthalmology Associates, Exposing Thousands of Records

Ransomware Strikes Bell Ambulance and Alabama Ophthalmology Associates, Exposing Thousands of Records

In two alarming incidents that underscore the vulnerability of the healthcare sector, Bell Ambulance of Wisconsin and Alabama Ophthalmology Associates (AOA) recently suffered ransomware attacks that exposed sensitive data belonging to over 245,000 individuals. These breaches disrupted operations and raised serious concerns about data privacy and cybersecurity readiness in medical organizations of all sizes.

Bell Ambulance: Medusa Ransomware Attack

On February 13, 2025, Bell Ambulance detected unauthorized access to its network by the Medusa ransomware group. The attackers exfiltrated roughly 219 GB of data, which included:

• Full names

• Dates of birth

• Social Security numbers

• Driver’s license numbers

• Health insurance information

• Medical records

• Financial account information

Bell Ambulance has since taken action to secure its systems, including resetting user credentials and enhancing network defenses. Approximately 114,000 individuals were affected, and the organization has established a hotline (1-800-939-4170) to assist those impacted.

Alabama Ophthalmology Associates: BianLian Ransomware Incident

Just weeks earlier, AOA experienced a similar breach. On January 30, 2025, they discovered that the BianLian ransomware group had infiltrated their systems between January 22 and January 30. The attack compromised the personal and medical data of 131,576 patients, including:

• Names and birthdates

• Social Security numbers

• Health insurance details

• Medical histories and treatment information

• Financial and employee records

• Biometric and vendor-related data

AOA responded by securing its infrastructure, launching a formal investigation, and providing notice and support to affected individuals through a dedicated response line (1-877-280-2754).

How the Attacks Have Affected Operations

While both organizations acted quickly to contain the threats, the breaches have led to:

• Operational slowdowns as systems were taken offline for security reviews

• Patient trust issues, especially in handling sensitive medical data

• Legal and regulatory scrutiny due to the scale and nature of the stolen information

• Financial consequences associated with breach response, recovery, and potential litigation

These incidents illustrate how cyberattacks can disrupt patient care and impose long-term reputational and financial damage.

Why Cybersecurity Must Be a Priority for Healthcare Providers

Healthcare organizations are increasingly targeted by ransomware gangs due to their reliance on digital records and the high value of patient data on the dark web. Unfortunately, many smaller or regional providers lack the dedicated cybersecurity infrastructure to detect and prevent these sophisticated threats.

Protect Your Practice Before It's Too Late

The attacks on Bell Ambulance and Alabama Ophthalmology Associates are not isolated incidents—they are part of a troubling trend. If you manage a medical practice or healthcare organization, now is the time to act.

Don’t wait until you become the next headline.

Consult with cybersecurity experts like Cyber One Information Technology, who specialize in protecting healthcare networks, patient data, and operational continuity. From risk assessments and compliance audits to endpoint protection and incident response planning, Cyber One can help you build a proactive defense against today’s evolving cyber threats.

Schedule your consultation today—because your patients trust you, and you should trust your cybersecurity.

For more info visit www.CyberOneInfo.com

Contact Richard Medina, Certified Ethical Hacker https://www.linkedin.com/in/richme/