A laptop containing personal information on 5,123 patients has gone missing from an NHS hospital in Dudley.

The theft occurred on 8 January in the outpatient department at Russells Hall Hospital.

The latest data protection blunder was uncovered only when the Dudley Group of Hospitals wrote to those affected to warn them of the theft.

The hospital claims that the laptop was adequately protected and requires multiple passwords to access the data.

The NHS trust said that the laptop needs a log-in and password to switch on, and that the database containing the patient details requires a separate password.

"Clearly this is a serious issue," said Russells Hall Hospital spokesman Paul Farenden.

"We take precautions to try to protect all the IT equipment in our hospitals from theft, but given that this is a public building with thousands of people accessing it every day, there are inevitably practical difficulties around security."

Farenden said that the trust is in the process of rolling out encryption technology, following a £135,000 spend on data security. However, the laptop in question had not been upgraded before it was stolen.

Chris Mayers, chief security architect at Citrix, said that the HMRC data loss in November 2007, and the prospect of such incidents being made a criminal offence, should have been enough to create an atmosphere of increased security, but that this had clearly not happened.

"Yet again we are hearing about another scare which threatens to expose sensitive personal information," he said.