First HIPAA Settlement for Ransomware, Fine for Phishing

The Office for Civil Rights achieved two firsts recently: a settlement agreement related to a ransomware attack on a business associate and the first fine issued for a phishing attack. Both cases hold lessons for other covered entities.