SA Ambulance Service

Summary

SA Ambulance Service confirmed that patient data was stolen in a cyber attack in November 2021. The breach involved unauthorised access to systems containing sensitive medical and personal information about individuals who had used ambulance services in South Australia.

What Happened

In November 2021, SA Ambulance Service detected a cyber attack that resulted in the theft of patient data. The attackers gained unauthorised access to systems containing medical records and personal information of people who had called for or received ambulance services.

The breach involved actual data exfiltration, meaning patient information was copied and removed from SA Ambulance systems by the attackers. This distinguished it from incidents where system access occurred but data theft could not be confirmed.

Impact on Individuals

The theft of ambulance patient data created serious privacy and security risks:

• Medical privacy violated: Emergency medical information and health conditions exposed
• Location data: Home addresses and emergency call-out locations revealed
• Sensitive circumstances: Medical emergencies often involve highly personal or sensitive situations
• Vulnerable populations: Emergency service users may include people in crisis or vulnerable circumstances

The exposure of ambulance records is particularly sensitive as it reveals individuals at moments of medical crisis or emergency.

Organisational Response

SA Ambulance Service acknowledged the data theft and began investigating the scope of the breach. The organisation worked with cybersecurity experts and law enforcement to understand how the attack occurred and what patient information had been compromised.

The incident added to concerns about cybersecurity in South Australian health services, coming shortly after other healthcare-related breaches in the state.