A breach is
|“||[the e]ffect of or deteriorating resulting from an act of aggression or attack whose impact may be: tangible (physical or material alteration, logic malfunction, disorganization of procedures, etc.); logical (non-availability, loss of integrity, breach of confidentiality); strategic (in particular as concerns finance, additional costs for hosting, transportation, telecommunications, expertise, purchase/rental of hardware and software, personnel, outsourcing, operating losses (profit margin, cash flow, customer losses), loss of funds or goods, etc.).||”|
|“||[a] loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar term referring to situations where persons other than authorized users and for an other than authorized purpose have access or potential access to PII, whether physical or electronic.||”|
A breach is the
|“||unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information.||”|
A breach is
|“||The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar term referring to situations in which persons other than authorized users or authorized persons for an other than authorized purpose, have access or potential access to PII, whether non-cyber or cyber.||”|
A breach is
|“||[a]ny illegal penetration or unauthorized access to a computer system that causes damage or has the potential to cause damage.||”|
See also security breach.
- Cybersecurity Guide for Developing Countries, at 104.
- DoDD 5400.11, at 15-16.
- Pub. L. No. 111-5, §13400(1). Not included in the definition of breach are any unintentional acquisition, use, or access of PHI by an employee or other authorized individual of a covered entity or a business associate done in good faith and within the scope of employment or the relationship where such information is not breached any further; or inadvertent disclosures by authorized persons of PHI within the same facility; and information received as a result of such disclosure is not further disclosed without authorization.
- 5 FAM 463 (full-text).
- DM3595-001. at 3.