Earlier this year, the Andhra Pradesh state government website suffered two major security breaches. While one put the Aadhaar data, which included details like caste, religion, bank account number, mobile number, and ration card number, of over 1.34 lakh citizens online, the other exposed the Aadhaar details of 89 lakh MGNREGS workers. And now, an unsecured website of the Andhra Pradesh government has exposed the names and phone numbers of all the people who purchased medicine from a government-run store in the state.

According to a report by the Huffington Post, the dashboard of the Anna Sanjivini website allowed anyone people to access the names and phone numbers of people who purchased Suhagra 50, a generic version of Viagra, on June 13 from the Anna Sanjivini store in Anantpur in Rayalseema region of the state. Oops!

This glitch was discovered by initially discovered by security researcher Srinivas Kodali, who also pointed out that thousands of pages listing daily data and other data like order ID, store operational ID, customer name, customer phone number, details of the medicines purchased and money were available on the interface for anyone to see. But thankfully, the link has been taken down now.

Andhra Pradesh's carelessness in safeguarding the medical data of the citizens assumes special significance in wake of the Digital Information Security in Healthcare Act (DISHA) draft. With DISHA, Ministry of Health and Family Welfare proposes to constitute a central body called National Digital Health Authority that would adopt and promote electronic health (e-health) standards, and enforce privacy policies for storing and regulating e-health records.

Apart from this, DISHA also gives the individuals the right to withdraw their consent for storing and transmitting their health records at any point of time besides making it mandatory for the clinical establishments to notify the concerned individuals of a breach of their digital health data within three working days.

ALSO READ: Not happy with work and traffic, software engineer resigns and rides horse to office on last working day

If leaked, medication indicating possible health conditions could have serious implications in lives of the concerned individuals. In some case they can reveal medical conditions like AIDS and depression, which are considered a taboo in the Indian society. "People who are discovered by employers to have serious medical conditions can be fired, children can be treated unfairly in school due to a past or current medical condition," Pam Dixon, founder and executive director of the World Privacy Forum told the English daily.