Hacking/IT Incident: Use a computer to gain unauthorized access to data in a system. Examples include server compromises, and malware infections.
Unauthorized Access/Disclosure: This is often a "catch all" category. At the most basic level it means that an unauthorized individual accessed information that they did not have authorization to view. Examples include healthcare employees viewing information that they do not have authorization, patient data exposed to the incorrect patient, identity theft by healthcare (covered entity) employee, email/fax sent to the wrong recipient, or an burglary occurs in an office and the thief may have seen patient records.
Theft: Physically obtaining access to protected health information. Examples include stolen laptops, stolen file cabinet, etc...
Improper Disposal: Insecure disposal of protected health information. Examples include putting healthcare records in the trash without shredding or donating/selling computers without erasing the data first.
Loss: Inadvertently losing protected health information. Examples include, doctor forgets laptop in a public location, organization loses a flash drive containing patient data, paper medical records lost in transit
Unknown: The breach source is unclear or has not been properly categorized. Some of these breaches are clearly one of the other categories. This category has not been used since January 2014.
Other: The breach source is unclear or has not been properly categorized. Some of these breaches are clearly one of the other categories. This category has not been used since December 2014.
Not Categorized: These breaches do not have any breach type label. We have labeled these as "Not categorized"