THE North West Ambulance Service says a sharp rise in data breach incidents is down to improved reporting and staff training.
Newly released figures from Data Breach Claims UK have highlighted growing concerns about data security in ambulance services, as emergency responders are increasingly exposed to cyber risks and information-handling failures.
Data obtained by the company shows that North West Ambulance Service NHS Trust has recorded almost 400 data breach incidents over the past three years, underlining the scale of the challenge facing the service.
Ambulance trusts routinely manage highly sensitive personal information, including details shared during emergency calls, medical assessments carried out at the scene, and patient data transferred during hospital handovers.
The fast-paced nature of emergency care, combined with heavy reliance on digital systems, places ambulance services at heightened risk of data protection failures.
During the 2022/23 reporting period, the North West Ambulance Service logged 75 data breaches. This figure rose sharply to 143 incidents the following year.
Most recently, the trust has reported a further increase, with 172 breaches recorded over the past year, indicating that data security issues remain an ongoing concern.
The findings reflect wider national warnings about cyber risks facing emergency services. Earlier this year, cybersecurity firm NCC Group published research outlining the growing threat landscape, including a 15% rise in ransomware attacks during 2024, which can severely disrupt critical systems relied upon by blue light services.
As ambulance services continue to expand their use of digital technology to improve response times and patient outcomes, the volume of data processed has increased, bringing additional exposure to cyber incidents and operational errors.
Data breach solicitor for JF Law, Tekena Bobmanuel said: “Ambulance services handle some of the most sensitive personal data that exists, including medical records, emergency care notes and contact details for patients and their families. When that information is mishandled, lost, or accessed without authorisation, the consequences for those affected can be extremely distressing.”
Further analysis of Freedom of Information responses revealed the most common categories of data breaches within the North West Ambulance Service.
Data confidentiality failures were the most frequent issue, accounting for 156 incidents, followed by unauthorised or incorrect disclosure of information, which made up a further 78 cases.
Data breaches involving ambulance services can affect patients, staff, and third parties, such as relatives or carers. While cyberattacks often receive the most attention, many incidents arise from everyday problems, including IT system errors, human mistakes and lost or stolen devices containing personal data.
With digital patient records continuing to expand across the NHS, safeguarding personal information remains a significant challenge for ambulance trusts nationwide.
Failure to protect sensitive data not only risks harming individuals but also erodes public confidence and places additional financial strain on already pressured health services.
Tekena Bobmanuel added: “Many people wrongly assume that a data breach is something they simply have to accept, particularly when it involves a public service.
“In reality, UK data protection law gives individuals the right to seek compensation if a failure to protect their personal data has caused emotional harm, anxiety or financial loss.
“Claiming compensation is about accountability and ensuring that appropriate safeguards are in place to protect highly sensitive information. Where mistakes occur, affected individuals should be made aware of their rights and supported in taking action if they have suffered as a result.”
Data Breach Claims UK offers support to those whose personal data was compromised in an ambulance service data breach and can see if they have grounds to submit a claim.
They operate a 24-hour helpline and an online claim form, which you can access on their website.
In response, a North West Ambulance Service spokesperson said; “The increase is a reflection of the improved reporting. Each breach is risk assessed reviewed and investigated, lessons learnt to prevent further incidents and reported to the Information Governance and Cyber group. Over the last three years, NWAS has actively communicated the importance of reporting data breaches, however minor, amongst our staff. As part of this, we have improved their training and knowledge on the subject, and made the reporting method more accessible for mobile staff via ipads.”
