An English hospital has admitted losing the confidential medical details of 800 patients on an unencrypted memory stick, a report reveals.
The memory stick went missing from East Surrey Hospital in September 2010 and was never recovered.
Details of patients' names, dates of birth and medical histories were on the stick. The loss came to light in the NHS trust's annual report.
The 800 people affected were never informed of the incident. Nine near misses, where information was lost but later recovered, were also recorded.
It is NHS trust's policy for members of staff to use encrypted memory sticks when transferring patient data, according to chief executive Michael Wilson.
"It is regrettable that this didn't happen on this occasion, and since then we have put in place new measures that mean that now only encrypted memory sticks can be used with trust computers," he said.
He added that the trust contacted the Information Commissioner's Office shortly after they realised the stick was lost to receive advice.
A spokesman for the ICO said the hospital had subsequently been warned that the trust's policy covering personal data must be followed.
"The trust was also warned that any repetition of such an incident may result in formal regulatory action," he said.
According to the trust, the member of staff who lost the stick has been taken through disciplinary procedures and has received further training.