More than 4,000 data breaches have been recorded across UK ambulance services over the past three years as emergency responders face growing cyber-related threats.
The scale of data security incidents affecting ambulance services across the UK is rising as emergency responders face growing digital and cyber-related threats.
Research from Data Breach Claims UK shows that more than 4,000 data breaches have been recorded by UK ambulance services over the past three years. Official figures show that ambulance services recorded 1,212 data breaches in 2022/23, rising sharply to 1,460 in 2023/24. Over the past year, reports continued to climb, with 1,521 breaches logged, indicating a sustained upward trend.
The findings come amid wider concerns about cybersecurity in emergency services. Earlier this year, cybersecurity firm NCC Group published research warning of escalating digital threats to blue light services, including a 15% increase in ransomware attacks during 2024, which can disrupt critical systems and delay emergency responses.
“Ambulance services handle some of the most sensitive personal data that exists, including medical records, emergency care notes and contact details for patients and their families,” said Tekena Bobmanuel, data breach solicitor for JF Law in Liverpool.
“When that information is mishandled, lost, or accessed without authorisation, the consequences for those affected can be extremely distressing,” he added.
Wide impact
London Ambulance Service NHS Trust recorded the largest volume, with 904 data breaches, followed by East of England Ambulance Service NHS Trust, which logged 716 incidents.
The Welsh Ambulance Service logged 675 cases, and the South Central Ambulance Service NHS Trust and the North West Ambulance Service NHS Trust logged 459 and 390 cases respectively.
Data breaches within ambulance services can impact patients, staff and third parties such as relatives or carers. While cyberattacks often attract the most attention, many incidents arise from more routine causes, including human error, IT system failures and the loss of devices containing personal data.
As digital patient records continue to expand across the NHS, maintaining robust data protection practices remains essential to preserving public trust and preventing further financial and operational strain on ambulance services nationwide.
“Many people wrongly assume that a data breach is something they simply have to accept, particularly when it involves a public service,” said Bobmanuel.
“In reality, UK data protection law gives individuals the right to seek compensation if a failure to protect their personal data has caused emotional harm, anxiety or financial loss,” he continued.
