2021 and 2022 have been years of frequent cyberattacks. India remains among the top 25 countries most severely affected by continuous cyber-attacks and tops the list. The healthcare sector is among the most affected areas: in 2020 alone, Indian healthcare infrastructure suffered around 348K cyber-attacks. The cyber-attack on AIIMS hospital in December 2022, followed by several other data breach incidents, has prompted the concerned authorities to exercise greater vigilance and to reform the legal and technical system protecting health infrastructure. This paper is based on an extensive literature review and focuses on describing the nature of electronic health records, the risks they are exposed to, and why they are so susceptible to these cyber-risks. Furthermore, the paper examines the different kinds of threats that specifically affect the privacy and security of electronic health records. It analyzes the Indian legal framework, briefly compares it with international legal frameworks (specifically those of the US and EU), and highlights the shortcomings of the Indian legislative framework. It then lays down recommendations, primarily highlighting the changes required in the Indian legal framework and the practices that organizations can adopt to overcome and mitigate such risks.