Ransomware Attacks on Bell Ambulance and Alabama Ophthalmology Associates Compromise Data of Over 245,000 Patients

Two healthcare providers, Bell Ambulance and Alabama Ophthalmology Associates, recently disclosed significant data breaches resulting from ransomware attacks, collectively affecting more than 245,000 individuals in each case.​

Bell Ambulance Breach

Milwaukee-based Bell Ambulance detected a network intrusion on February 13, 2025. The Medusa ransomware group claimed responsibility, alleging the theft of over 200 GB of data. The Department of Health and Human Services (HHS) reported that approximately 114,000 individuals were affected. Compromised information includes names, dates of birth, Social Security numbers, driver's license numbers, and medical and financial details.

Alabama Ophthalmology Associates Breach

Birmingham-based Alabama Ophthalmology Associates identified unauthorized access to its systems on January 30, 2025, with the BianLian ransomware group taking credit. The HHS indicated that over 131,000 individuals were impacted. Exposed data encompasses names, addresses, birth dates, driver's license information, Social Security numbers, and medical and insurance details.

Implications for Affected Individuals: What to Watch Out For

The exposure of sensitive personal and medical information heightens the risk of identity theft and financial fraud. Victims may experience unauthorized financial activities, fraudulent medical claims, and other forms of exploitation.​

Patients affected by the Bell Ambulance or Alabama Ophthalmology Associates data breaches or any similar ransomware attack should take the following steps to protect themselves:

1. Enroll in Free Credit Monitoring (If Offered)

Often, breached organizations will offer complimentary credit monitoring or identity theft protection services. Enroll immediately to get alerts about suspicious activity on your credit report.

2. Check for Breach Notification Letters

If your data was involved, you should receive a notification letter or email. Read it carefully to understand exactly what information was exposed and what steps the provider recommends.

3. Place Fraud Alerts

Contact one of the three major credit bureaus, such as Experian, Equifax, or TransUnion, to request a fraud alert. This warns creditors to take extra steps to verify your identity before issuing new credit.

4. Freeze Your Credit

For stronger protection, consider freezing your credit with all three bureaus. This prevents new accounts from being opened in your name without your permission.

5. Monitor Financial and Medical Accounts

Check your bank and credit card statements, insurance Explanation of Benefits (EOBs), and medical records for unfamiliar charges or activity. Unusual entries could indicate fraudulent use of your information.

 

6. File an Identity Theft Report if Necessary

If you notice signs of identity theft, file a report with the Federal Trade Commission (FTC) at identitytheft.gov. You’ll get a personalized recovery plan and documentation that helps in disputing fraudulent charges.

7. Be Cautious of Phishing Emails or Calls

Hackers may use stolen info to create convincing phishing emails or scam phone calls. Do not click links or provide additional personal data to unknown contacts, even if they seem official.

8. Speak With a Data Privacy Attorney

If you were affected, you may have legal rights. An experienced data breach attorney can help you understand whether you’re entitled to compensation for time spent resolving issues, costs of credit monitoring, and emotional distress. Morgan & Morgan offers free consultations to victims of healthcare data breaches, so don’t hesitate to contact us.

 

What to Do Next: Legal Recourse and Support

Healthcare providers are mandated to safeguard patient data under laws like the Health Insurance Portability and Accountability Act (HIPAA), and their patients trust them to do so. 

When they fail to protect their patients’ most sensitive information, they can be held liable for the resulting damages.​

If you have been notified of involvement in these breaches or suspect your information was compromised, you may be entitled to compensation for identity theft protection services, financial losses, and emotional distress.​

Morgan & Morgan is committed to assisting victims of data breaches in seeking justice and compensation. Our experienced attorneys can guide you through the legal process to hold negligent parties accountable.

Contact us today for a free case evaluation to discuss your rights and options.