Patients’ personal details have been leaked dozens of times at hospitals in the Black Country and Staffordshire – including a computer being hacked into and a foster mother’s address being handed to the child’s parent – it was revealed today.

There have been 38 data breaches across the region’s NHS hospitals trusts in the past five years. Mid Staffordshire NHS Foundation Trust leaked sensitive information 14 times, with three breaches in October this year alone.

It had previously spent £4,900 on encrypted memory sticks to try and stop such leaks. The full extent of the leaks was revealed under the Freedom of Information Act. The three leaks in October involved a member of staff giving confidential information to a relative, a screenshot with personal information being seen by a contractor and a consultant sending out a letter to a colleague. A worker also accessed a doctor’s confidential email in June 2009.

Action was taken against just two staff across the whole region, both at Mid Staffordshire. Colin Ovington, director of nursing and midwifery, said: ‘‘We take any breach of data rules very seriously indeed – these are always reported to the relevant authorities, investigated thoroughly and corrective actions taken to prevent such incidents recurring. Where appropriate, disciplinary action is taken.”

There were no breaches at the Walsall Healthcare NHS Trust but the Dudley Group of Hospitals recorded 12 issues.

Seven saw staff or contractors breach data rules and five where details were either lost or mislaid, inclding in July 2009 a doctor giving a foster mother’s address to the biological parent.

Paula Clark, chief executive of The Dudley Group NHS Foundation Trust, said: “Protecting patient information is very important to us and we are continually reinforcing this with our staff.” At Sandwell and West Birmingham Hospitals NHS Trust, which runs City, Sandwell and Rowley Regis, there were five breaches. Despite encryption software costing the trust £51,928 over the past five years, a laptop was hacked in August 2007 .

Patient’s information was also lost off site in August 2009 and an unencrypted memory stick was lost in November last year.

There were seven leaks at The Royal Wolverhampton Hospitals NHS Trust – one in June 2010 which saw people given unauthorised access to “confidential” data. Patient details were also found on documents inside a lift in October this year.