In order to receive data protected under HIPAA by a covered entity, you have to go through an extraordinarily elaborate and complex legal process. In addition to signing an agreement that (in effect) binds you to all of the same restrictions on the data that the original covered entity (e.g. hospital/insurer) was, if you're accessing the data for research purposes, you'll have to go through an institutional review of your intended purpose and methods for the research.
Facebook does none of these, which is why they have been (rightfully) criticized for conducting unbelivably unethical studies without either user consent or institutional approval, even though both of those are typically required by all reputable universities and publishers for research.
Facebook posts are not protected under HIPAA, but they're not entirely unprotected either, and it's totally valid to refer to that breach of responsibility and trust as a breach.
 e.g. https://www.washingtonpost.com/news/morning-mix/wp/2014/07/0...
It's not Russians hacking in, it's not part of some effort to destabilize democracy, etc. That characterization and demonization is indicative of the mindset of those people and that may be even pose more danger than the breach of trust by Facebook.
True! Mostly it was information about users and their social graph collected by people voluntarily. It's distressing that people were not informed, "We're going to use this to target political propaganda at you when you" when they took personality quizzes/etc, but all the data was shared by users. FB's security isn't breached, merely their users' trust.
> it's not part of some effort to destabilize democracy, etc
I'm not sure we all agree on that. ;) The whole point was that one can use the intelligence gleaned from these users' social graphs to target memes/advertising/messaging to specific subgroups whose political responses you are hoping to influence.
I'll avoid the word "hacking" since it's used to mean a lot of different things to different people, but it absolutely could be part of an effort to destabilize or undermine (US) democracy.
What we've seen is definitely a breach of responsibility and a breach of trust. It's also probably a breach of the law, since the data Facebook collects is still subject to some protections (and it's hard to imagine how Facebook could have done all this while adhering to those). And while we don't yet know the motivation or intentions of the people involved in these actions, it could very well be motivated by an effort to destabilize or undermine US democracy. I don't see why you think those are mutually exclusive.
Do we know what data was harvested? Cause if its data that's supposed to be private then yeah, that's some murky business. If its public info, or info that can be accessed if you give an app permission to log-in, then is that really a "breach"?
I mean, it's terrible and CA was definitely misusing it, but if I install an app and it asks for permission to use my location and my contacts, and I grant them, is that a break of trust and a breach of the law on the Apple/Google front? What should Apple/Google be doing to protect my privacy?
Legit questions here; I do hope something is figured out and less people fall into this kind of trap. I've heard of Android games whose purpose actually is to harvest a ton of personal info. Apple seems to veto its apps better, and maybe that's the solution-- Facebook should veto 3rd parties better (Google should too, before something like this hits the fan).