Just about a month ago, Rescurity, an American cyber security firm, said that personal information of 815 million Indians was being sold on the dark web. This included details such as Aadhar numbers and passport details. The persons selling this information claimed that it was from the Indian Council of Medical Research or ICMR, the country’s premier scientific research body. This is not the first time ICMR has been subject a cyber attack – 6,000 such attempts were reported just last year. The All India Institute of Medical Sciences – AIIMS in Delhi has also been hit by cyber attacks – in one ransomware case, the hackers took over the servers, encrypted the data, and made it impossible for the hospital to access its own systems. Health data consists of sensitive, personal information and once stolen, can increase the risk of digital identity theft, online banking thefts, tax frauds and other financial crimes. India was ranked fourth across the world in all malware detection in the first of 2023, as per a survey from Resucurity. Even as this is going on, the Central government launched an ambitious Ayushman Bharat Digital Initiative in 2021. During the Covid-19 pandemic, our Aadhar and other details were used for both testing and vaccination services. So how safe is our health data with the government or private health organisations? How well does the Data Protection Act, that came into force this year protect this sensitive information? Is our right to privacy over our personal information being adequately safeguarded in India?