Cyber Incident Victim: St. John Ambulance

On July 2, 2019, at 9:00 AM, St. John Ambulance detected a ransomware attack that temporarily blocked staff access to its systems. The organization resolved the incident within thirty minutes of identification. The attack specifically targeted the system responsible for booking training courses, which the charity described as a "data incident" in its public communications. St. John Ambulance confirmed the compromise of personal data including names, invoicing details, and driving license information stored within the affected training course delivery system. The organization emphasized that credit card data remained secure as it was processed externally through Barclaycard SmartPay. Systems unrelated to training operations—including ambulance operations, volunteer management, clinical data, patient records, supplies, and events—remained unaffected by the breach.

St. John Ambulance promptly notified the UK Information Commissioner's Office, Charity Commission, and police about the attack. The organization maintained confidence that no compromised data had been externally shared beyond its systems. In public FAQs, St. John highlighted its ongoing collaboration with third-party cybersecurity partners and implementation of crime prevention solutions to maintain system protections. The incident coincided with parliamentary discussions on NHS cybersecurity risks presented to the House of Lords on the same date. Security analyst Javvad Malik acknowledged St. John's transparent notification process and containment of the attack to a segregated training system, while suggesting phishing as a potential infection vector based on common ransomware intrusion patterns. No ransom demands or financial impacts were disclosed in the organization's statements regarding the resolved incident.