The Information Commissioner's Office (ICO) has found Salford Royal NHS Foundation Trust in breach of the Data Protection Act.
The trust reported the theft of a desktop computer containing sensitive personal information about 3,500 patients.
The computer was password-protected, but it was not encrypted or secured to a desk, the ICO said.
Mick Gorrill, assistant information commissioner, said, "I am increasingly concerned about the way some NHS organisations are failing to securely hold people's health and personal information."
The trust is among 140 others within the NHS to report data breaches, in which tens of thousands of patient details have been lost.
Central government has reported the second highest number of public sector data breaches at 53, followed by local authorities (60) and the rest of the public sector (72).
The private sector has reported 161 breaches, compared with the total of 325 for the whole of the public sector.
The Salford Trust has signed a formal undertaking to restrict access to areas where personal information is stored and secure desktop computers.
The trust will also ensure that any personal data on a portable device is encrypted and that personal details are not retained for longer than required.
Failure to meet the terms of the undertaking is likely to lead to enforcement action, the ICO said.