A Data Breach is the deliberate or unintentional release of sensitive, protected, or confidential information to an unauthorized individual.
Data breaches include incidents such as the theft or loss of computer tapes, hard drives, or laptops containing information that is stored unencrypted, or the posting of such information on the internet or on a computer without appropriate information security precautions.
Data breaches may involve financial information such as credit card or bank details, personal health information (PHI), personally identifiable information (PII), trade secrets of corporations or intellectual property.
A number of industry guidelines and government compliance regulations mandate strict governance of sensitive or personal data to prevent data breaches. Within a healthcare environment, the Health Insurance Portability and Accountability Act (HIPAA) controls who may see and use PHI such as name, date of birth, Social Security number and health history information.
If an unauthorized individual views sensitive information, the corporation or healthcare organization responsible for protecting that information is said to have experienced a data breach. If a data breach results in identity theft and/or a violation of government or industry compliance mandates, the offending organization may face fines or civil or criminal prosecution.