The medical records of 26 million patients are embroiled in a major security breach amid warnings that the IT system used by thousands of GPs is not secure.

The Information Commissioner is investigating concerns that records held by 2,700 practices - one in three of those in England - can be accessed by hundreds of thousands of strangers.

Privacy campaigners last night said the breach was “truly devastating” with millions of patients having no idea if their records had been compromised.

GP leaders said the breach had “potentially huge implications” and could see family doctors flooded with complaints.

The investigation centres on one of the most popular computer systems used by GPs.

Unbeknown to doctors, switching on “enhanced data sharing” - so records could be seen by the local hospital - meant they can also be accessed by hundreds of thousands of workers across the country.

It means receptionists, clerical staff, healthcare assistants and medics working in pharmacies, hospitals, GP surgeries, care homes and prisons can look up sensitive information about individuals - even if there is no medical reason to do so.