A significant number of NHS trusts are still failing to protect data, despite moves by the Information Commissioner's Office (ICO) to increase penalties for regulation breaches.
IT outsourcing giant Hytec estimates about 10% of all trusts in England are currently on "amber alert", implying a score of 40-69% on the Information Governance Statement of Compliance (IG SoC) approved assessment.
The NHS has accounted for about a third of data security breaches reported to the ICO since 2007, with the watchdog being given new powers in April to impose fines of up to £500,000 on offending organisations.
All NHS bodies have to complete IG SoC in order to gain access to Connecting for Health services, including the N3 network, which has 1.3 million end users.
Director of Information Security at Hytec, Alan Hunt, said: "Data security is the responsibility of everyone involved in an organisation. Some of the most common security breaches are due to lost or stolen data on portable devices, and human error when disclosing sensitive information.
"Most mistakes can be overcome through staff training and use of appropriate technology such as encryption."