A HIPAA security incident involves the failure of security controls to work as intended..
There are several examples of what could be considered as a HIPAA incident.
For instance, a computer getting a virus (anti-virus should have caught it), a hard drive failing (the hardware should have predicted it) or a person using old, unnecessary access to systems (the helpdesk should have turned it off).
All breaches start as security incidents for HIPAA, but most HIPAA incidents don’t escalate to breaches.