An NHS worker lost a memory stick, with its password attached, containing patient information on over 6,000 prisoners.

Central Lancashire Primary Care Trust said personal details of more than 6,000 prisoners were carried on the USB memory stick, lost on 30 December.

The stick was being used to back up clinical databases at Her Majesty’s Prison Preston. The stick carried data relating to 6,360 prisoners who have been treated by local health workers since 2000.

Although the patient data held on the stick was encrypted, the password had been written on a note stuck to the stick when it was misplaced.

A spokesman for the PCT apologised for the data loss: “We are taking this very seriously, and we would like to apologise unreservedly for any concern this incident has caused. It should never have happened.”

The PCT has suspended the member of staff who lost the stick with the attached password while the investigation is carried out.

The spokesperson added: “A thorough investigation is already underway, and urgent action has been taken to prevent it happening again.” All memory sticks being used by health staff in the area have been withdrawn and a review of data protection practices has begun.

Data held on the memory stick included details of the prisoners’ ailments, such as diabetes, asthma, mental health and sexual health, but not full medical history.

In addition, the memory stick held saved documents, which included details such as prisoner surnames, their age range, cell location, prison number and clinic appointment times.

The case is the latest in a long line of data breaches by the NHS over the past year, despite the issuing of clear national guidelines on data governance and the use of mobile mass data storage devices, such as USB memory sticks.

In November the Information Commissioner reported that 75 data breaches relating to the NHS and other health bodies had so far been reported during the course of 2008.