The personal medical records of 4,000 NHS patients have been lost by Stockport Primary Care Trust, but health managers have chosen not to inform the individuals involved.
The records were on a USB stick clipped round the neck of an NHS employee when they were lost. They contained the names, dates of birth and details of medical conditions of patients of Stockport Primary Care Trust, as well as their NHS and trust numbers and details of their GPs.
The trust has since informed the Department of Health and GPs about the loss, but news only came to light publicly following a freedom of information request.
Stockport PCT chief executive Richard Popplewell said steps were taken to search for the device by retracing the path of the staff member. But it has not been found.
Popplewell said the loss was an accident rather than any systematic failing in management. He said the security of the information had been considered and the data was being carried personally to avoid having to send it via email.
Popplewell said a balance had to be drawn between being open with patients and protecting them from unnecessary concern.
Paul Vlissidis, technical director of ethical security testing at IT consultancy NCC Group, said, "With such high levels of vulnerability there is a high chance of becoming a victim of certain threats, and any organisation that holds critical, confidential information about their customers and staff must ensure their networks are secure.
"It is a common mistake of any organisation to assume they have no enemies, but anyone could have been interested in the data they hold."
The Stockport USB stick loss follows a similar loss at a Nottingham hospital last year. That loss only came to light when a doctor revealed the incident in the British Medical Journal.