On Nov. 4, the U.S. District Court for the Eastern District of Michigan, Northern Division, granted preliminary approval of a settlement agreement for a class action law suit against Morley Companies, requiring the company to designate $4.3 million to compensate for damages related to a ransomware attack.[1] Morley Companies is a HIPAA business associate that provides business-process outsourcing services (e.g., customer help desk services, sales and marketing support, meeting planning) to HIPAA covered entities. The class-action lawsuit stems from a ransomware attack that occurred in August 2021, affecting a reported 521,046 individuals.[2] The protected health information affected included Social Security numbers, names, addresses, dates of birth, driver’s license numbers, client identification numbers, medical diagnostic and treatment information, and insurance information.