Today, the US Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced a settlement with Heritage Valley Health System, which provides care in Pennsylvania, Ohio, and West Virginia, concerning potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, following a ransomware attack. Ransomware and hacking are the primary cyber-threats in healthcare. Since 2018, there has been a 264 percent increase in large breaches reported to OCR involving ransomware attacks.