Isle of Wight NHS PCT is now looking at 'moving rapidly' to encryption and is recommending this to all practices.
The PCT is also considering having back-up tapes verified locally or having software experts test them in GPs' surgeries rather than couriering them to London.
The data loss came to light when Sandown practice manager Karen Hermans routinely checked why a computer tape sent to London-based In Practice Systems for back-up verification at the beginning of March was not back at the practice two months later.
City Link has confirmed the tape has not been found.
The practice and PCT have sent letters to 11,500 patients reassuring them that the risk of data release is 'extremely small' because their records are password-protected and can only be read using GP software programmes.
There is uncertainty over who should take action against companies that breach security regulations. The DoH said: 'The NHS locally need to be open about action against anyone responsible for breaching our strict data protection rules.'
A spokesman for Isle of Wight NHS PCT said that the contract was between In Practice Systems and Connecting for Health.
In Practice Systems was not available for comment.
Comment below and tell us what you think