A laptop containing 600 patient records has been stolen from the headquarters of the Scottish Ambulance Service.
The data, which was unencrypted but password protected, includes the patients' names, addresses and details of their treatment.
Scottish Ambulance Service spokesman John Morten said, "We have been running a policy of encrypting 230 laptops, of which there are 12 left to encrypt."
Chris McIntosh, CEO at encryption specialist Stonewood, said it was possible that the data could fall into the hands of criminals.
"Saying they are password protected is just not enough. The data is not safe or secure unless it is properly protected.
"In the last two years the NHS has been responsible for 30% of all data breaches," he said.
Morten said that the patients had not yet been told about the theft of their personal information as it was the subject of a police investigation.