From the ICO:
An Undertaking to comply with the First, Third and Seventh data protection principle has been signed by Norfolk Community Health & Care NHS Trust. This follows an investigation involving the inadvertent sharing of data with a referral management centre.
The data which was provided in error consisted of referrals from health care services and affected 128,842 data subjects.
View the Norfolk Community Health & Care NHS Trust undertaking (pdf)
The undertaking explains what happened in March 2014:
The data controller was engaged in a contract to provide I.T support services to the referral management centre until the end of March 2014. As part of the transition a request was made for an electronic copy of a patient database. On receipt of the database the referral management centre identified the existence of data that was not requested, nor required by them. Upon further investigation it was found that files belonging to a third party had been provided in error, with 128,842 data subjects being affected. The data consisted of referrals from health care services and was stored in the form of a system back up file.