An unsecured website of Andhra Pradesh government exposed the names and numbers of every person who purchased medicines from a government-run store, reported HuffPost India. The purchases include sensitive details about purchases of Suhagra 50, a generic version of Viagra (which is used to treat erectile dysfunction), making the privacy of this data paramount. A dashboard on the Anna Sanjivini website allowed anyone with internet access details including the names and phone numbers of every person who purchased medicines from every single such store. Anna Sanjivini Stores are generic medical stores owned by the state government but operated by individuals or self-help groups. The link has since been taken down. This vulnerability was discovered by security researcher Srinivas Kodali. It contains logs of Order ID, the Store Operator ID, Customer name, Customer phone number, details of the medicines, and the money paid. Remember that this is for each order. Andhra Pradesh's cavalier attitude to the sensitive data of people is significant with the draft Digital Information Security in Healthcare Act (DISHA). The draft bill gives citizens the right to prevent any transmission or disclosure of any sensitive health-related data that is likely to cause damage or distress to the owner. The bill also gives the right to give, refuse or withdraw consent for the storage and transmission of digital health data, with certain exceptions. According to the bill, the owner of the digital health data shall have the right to know the entities which may have or has access to their…
