Scotland Ambulance Services has been forced to apologise to some members of staff after a spreadsheet containing private data was attached to an email on 16 January.

A SAS spokesman confirmed that the email was “sent out in error” and that the incident had been reported to the Information Commissioner’s Office.

Paul Holland, CEO of Beyond Encryption commented:

“Following a previous incident back in 2018, it is very concerning to see another Scottish Ambulance Services data breach occur that could have easily been prevented with the implementation of safeguarding measures.

“In a world where email is the most commonly used communication tool within organisations, with an estimated 347 billion emails sent and received last year, it’s baffling how such a ubiquitous channel remains vulnerable to digital threats. It’s clear that organisations have still not prioritised the implementation of security measures to mitigate human error, with the ICO reporting that information emailed to the incorrect recipient is the number one cause of data incidents.

“This recent leak reflects the lack of robust cybersecurity processes in place throughout the healthcare sector, and unfortunately, the Scottish Ambulance Services are not the first to have personal data leaked in this way. As we move into an increasingly digital age, it’s vital to remember that taking the appropriate measures isn’t just a way to avoid being the next headline; it’s about recognising that the safety of personal data is sacrosanct. All organisations, especially those that store sensitive health information, must put the appropriate tools in place to protect consumers and their identities.”