25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

February 2025 Cyberattack Affected More Than 230K Bell Ambulance Patients

Posted By on Mar 10, 2026

Bell Ambulance has confirmed that the protected health information of more than 230,000 patients was compromised in a February 2025 cyberattack. Data breaches have also been reported by Northwest Medical Homes in Oregon, and the New York Plastic surgeon, Alexes Hazen, MD.

Bell Ambulance, Wisconsin

Bell Ambulance, a Milwaukee, Wisconsin-based ambulance service, has notified the Maine Attorney General that a hacking incident identified in February 2025 has affected 237,830 individuals. Bell Ambulance detected unauthorized activity within its network on February 13, 2025. Third party cybersecurity experts were engaged to investigate the data breach, and confirmed that the protected health information of 114,000 individuals had been compromised in the incident. Notification letters were sent to those individuals on April 18, 2025; however, the data review had not yet concluded.

It has taken a year to review all data potentially compromised in the incident. On January 15, 2026, additional individuals were notified that they had been affected, and the data review concluded on February 20, 2026. Additional notification letters were mailed on March 9, 2026. Data compromised in the incident included first and last names, birth dates, Social Security numbers, driver’s license numbers, financial account information, medical information, and health insurance information. Bell Ambulance has offered the affected individuals complimentary credit monitoring and identity theft protection services for 12 or 24 months as a precaution. Bell Ambulance said it is unaware of any misuse of the impacted data at the time of issuing notification letters.

Northwest Medical Homes, Oregon

Springfield, Oregon-based Northwest Medical Homes, LLC, has notified certain patients about a cybersecurity incident first identified on May 13, 2025. Third party cybersecurity experts were engaged to help secure its systems, investigate the incident, and harden and enhance system security. The investigation confirmed that patients’ protected health information may have been compromised in the incident.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The breach notice submitted to the California Attorney General does not state what types of data were compromised in the incident, other than names and addresses. The individual notification letters state the exact types of data compromised for each patient.

Law enforcement has been notified, and the affected individuals have been offered complimentary credit monitoring and identity theft protection services for 12 or 24 months as a precaution. Northwest Medical Homes said it was unaware of any data misuse at the time of issuing notifications. The incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.

Alexes Hazen, MD, PLLC, New York

Alexes Hazen, MD, PLLC, a New York-based board-certified plastic surgeon, has recently announced a cybersecurity incident and data breach. The practice learned about the incident on or around January 20, 2026, and started working with law enforcement and third-party cybersecurity experts to determine the nature and scope of the incident.

The investigation confirmed that an unauthorized third party accessed certain computer systems between June 23, 2025, and July 15, 2025, and may have exfiltrated a limited amount of patient data. The review of the affected data is ongoing, but it has been confirmed that the types of information compromised in the incident include names, dates of birth, demographic information, Social Security numbers, government-issued ID numbers, medical histories, conditions, procedure/diagnosis information, medical information, insurance information, payment information, and photographs.

Notification letters are being mailed to the affected individuals, and steps have been taken to harden security to prevent similar incidents in the future. The breach has been reported to the HHS’ Office for Civil Rights using a placeholder figure of 500 affected individuals. The total will be updated when the file review is concluded.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist