Doctors’ Management Services agreed to settle claims it did not comply with HIPAA breach rules and failed to identify risks after a cyberattack exposed the information of more than 200,000 patients.