Hacker’s Use of Vendor’s Credentials Reveals Systemic Failures, Leading to $1.5 Million HIPAA Settlement