
U.S. Department of Health and Human Services – Breach Portal - OrgNet
https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
======
maxheadroom
This will probably seem very pedantic but aren't " _Unauthorized Access
/Disclosure_" and " _Hacking /IT Incident_" pretty much the same things?

~~~
slowmovintarget
No. Unauthorized access or disclosure can happen when someone with legitimate
access to the system gets access to more data than they should see. For
example, a patient logs on to the system to view their own record and sees
records for other patients. Logs would show this, and this would have to be
disclosed.

Deliberate penetration of the system, or purposeful exfiltration of the data,
are very different occurences.

