Over the past year, Britain's National Health Service (NHS) mishandled 1.8 million patient records that ended up being lost, stolen, improperly disposed of or misdirected, official statistics said.
The compiled statistics come from reports filed under the Data Protection Act, which said most of the files were lost in 16 major incidents, London's Daily Mail newspaper reported.
In some instances, records were faxed to wrong numbers. In others, more than 230 hard drives that should have been destroyed were found in Internet auctions.
The Information Commissioner’s Office (ICO), a watchdog data-protection organization that has levied more than $1 million in fines against NHS organizations in the last six months, is using the breaches as ammunition as it seeks new legislation that would empower it to audit NHS trusts and hospitals.
The compromised information affects 67,000 patients, many of whom were or are terminally ill. It included unencrypted birth dates, medical-test results, sexual orientation, occupational information and diagnoses.
Records pertaining to child patients, as well as NHS staff, were also compromised. Some of the stolen records posted online dated back to the 1950s.
The bulk of the information was compromised when a CD containing 1.6 million patient records, as well as a filing cabinet, were lost during an office move.
"The Health Service holds some of the most sensitive personal information available, so it's vitally important that patients' information is being kept secure," the ICO said.
Persons whose information was compromised are at higher than normal risk of identity theft, as personal details are often sold wholesale on underground markets.
"There is a real risk that if the NHS doesn’t sort out how it looks after patients' details, people will stop sharing information with their doctor and that could be extremely dangerous for care," Nick Pickles, director of privacy advocacy group Big Brother Watch, told the Daily Mail.
Follow Ben on Twitter @benkwx.