North West Ambulance Service sees rise in data breach incidents

Ambulance trusts routinely manage highly sensitive personal information, including details shared during emergency calls, medical assessments carried out at the scene, and patient data transferred during hospital handovers.

The fast-paced nature of emergency care leads to a heightened risk of data protection failures. This risk is increased by the heavy reliance on digital systems in ambulance services.

During the 2022/23 reporting period, the North West Ambulance Service logged 75 data breaches. This figure rose sharply to 143 incidents the next year.

Most recently, the trust has reported a further increase. There were 172 breaches recorded over the past year. This indicates that data security issues continue to be an ongoing concern.

The findings show wider national warnings about cyber risks facing emergency services. Earlier this year, cybersecurity firm NCC Group published research outlining the growing threat landscape. The research revealed a 15% rise in ransomware attacks during 2024. These attacks can severely disrupt critical systems relied upon by blue light services.

As ambulance services continue to expand their use of digital technology to improve response times and patient outcomes, the volume of data processed has increased, bringing extra exposure to cyber incidents and operational errors.

Data breach solicitor for JF Law, Tekena Bobmanuel said: “Ambulance services handle some of the most sensitive personal data that exists, including medical records, emergency care notes and contact details for patients and their families. When that information is mishandled, lost, or accessed without authorisation, the consequences for those affected can be extremely distressing.”

Further analysis of Freedom of Information responses revealed the most common categories of data breaches within the North West Ambulance Service. 

Data confidentiality failures were the most frequent issue, accounting for 156 incidents, followed by unauthorised or incorrect disclosure of information, which made up a further 78 cases.

Data breaches involving ambulance services can affect patients, staff, and third parties, like relatives or carers. While cyberattacks often get the most attention, many incidents arise from everyday problems, including IT system errors, human mistakes and lost or stolen devices containing personal data.

With digital patient records continuing to expand across the NHS, safeguarding personal information remains a significant challenge for ambulance trusts nationwide. 

Failure to protect sensitive data not only risks harming individuals but also erodes public confidence and places additional financial strain on already pressured health services.

Tekena Bobmanuel said: “Many people wrongly assume that a data breach is something they simply have to accept, particularly when it involves a public service. 

“In reality, UK data protection law gives individuals the right to seek compensation if a failure to protect their personal data has caused emotional harm, anxiety or financial loss.

“Claiming compensation is about accountability and ensuring that appropriate safeguards are in place to protect highly sensitive information. Where mistakes occur, affected individuals should be made aware of their rights and supported in taking action if they have suffered as a result.”

Data Breach Claims UK offers support to those whose personal data was compromised in an ambulance service data breach and can see if they have grounds to submit a claim.

They operate a 24-hour helpline and an online claim form, which you can access on their website.