Drives were bought in America, the UK, Germany, France and Australia
Medical records, confidential letters and X-rays of patients in Lanarkshire have been found on second-hand computer hard drives.
Two disks bought for a study on data security contained sensitive information from Monklands and Hairmyres hospitals.
NHS Lanarkshire said the disks were disposed of in 2006 before it improved its data protection procedures.
Other disks contained bank details and information on missile defence.
Researchers from BT and the University of Glamorgan bought 300 disks from the UK, America, Germany, France and Australia at computer fairs and online auctions.
They found 34% still contained sensitive data.
Two disks bought in the UK had patient medical records, images of X-rays, medical staff shifts and sensitive and confidential staff letters relating to Monklands and Hairmyres hospitals.
In a statement, Lanarkshire Health Board said: "This study refers to hard disks which were disposed of in 2006. At that time NHS Lanarkshire had a contractual agreement with an external company for the disposal of computer equipment.
"In this instance the hard drives had been subjected to a basic level of data removal by the company and had then been disposed of inappropriately. This was clearly in breach of contract and was wholly unacceptable."
The trust has carried out a review of its policies and now no longer uses external companies to dispose of IT equipment, the statement added.
The information uncovered in the study was enough to expose individuals and firms to fraud and identity theft, said the researchers.
Professor Andrew Blyth said: "It's not rocket science - we used standard tools to analyse the data."
In addition to finding bank account details and medical records, the work unearthed job descriptions and personal identity numbers as well as data about a proposed $50bn currency exchange through Spain.
Details of test launch procedures for the Thaad (Terminal High Altitude Area Defence) ground-to-air missile defence system were found on a disk bought on eBay.
The missile system, tested as recently as March 2009 following a controversial missile test by North Korea, is designed to destroy long-range intercontinental missiles launched by terrorists or countries the US considers to be "rogue states".
Liberal Democrats justice spokesman Robert Brown said the researchers' findings backed up his view that a national identity card scheme would not work.
He said: "This is why a mega-database of personal information is a ludicrous plan, particularly in the week when the Labour Government is rolling out the ID card scheme in Manchester.
"Labour's ID card scheme will see a massive increase and centralisation of personal data held by the government.
"Labour needs to realise that public confidence in the ability of government agencies to keep our personal data safe is continually undermined by incidents like this."