Recent updates to password guidelines from the National Institute of Standards and Technology (NIST) focus on simplifying password management for users by advising that passwords should only be changed when a compromise is suspected. NIST now recommends using longer passwords, ideally at least 15 characters, and encourages the use of passphrases. Despite these changes, many organizations still rely on passwords for regulatory reasons and due to outdated systems that limit modern authentication methods. Experts suggest that a shift towards more comprehensive identity governance strategies is essential, advocating for technologies like zero trust architectures to better safeguard against identity-based threats.

NIST Revamps Password Guidelines to Combat User Fatigue and Enhance Security Cybersecurity Dive

Epic Systems conducts "immersion trips" for its employees to visit hospitals and health systems, allowing them to observe the real-world application of their electronic health record (EHR) software. Founder Judy Faulkner noted these experiences help employees assess software effectiveness and understand customer needs while fostering empathy for healthcare professionals. The autonomy given to employees in selecting relevant software upgrades supports innovation and responsiveness, empowering them to identify necessary modifications based on firsthand observations.

Epic Systems Enhances EHR Development Through Immersion Trips for Employees Becker's Hospital Review

The finalized first part of the Health Data, Technology, and Interoperability (HTI-2) rule, effective January 15, 2025, has generated disappointment among health IT developers, as it only addresses a limited number of proposed updates. Key elements include revisions to the Trusted Exchange Framework and Common Agreement and administrative corrections; however, it lacks clarity on the certification of artificial intelligence enhancements. Despite 270 comments received by the U.S. Department of Health and Human Services (HHS) on the draft, the focus remained narrow, with updates affecting the Health IT Certification Program and specific security tagging requirements for clinical documents, leaving important questions unresolved for developers, particularly regarding Insights Measures essential for HHS compliance.

Health IT Developers Disappointed by Limited Scope of New HTI-2 Rule Healthcare IT News

PIH Health, a healthcare provider in Southern California, experienced a significant ransomware attack on December 1, leading to the theft of 17 million patient records and widespread service disruptions across its facilities. The ongoing IT and phone system outages are affecting care delivery to the 3 million residents served by the organization. Cybercriminals have threatened to publish 2 terabytes of stolen data unless PIH Health complies with their demands, though no specific ransom has been disclosed. In response, PIH Health has instituted downtime procedures to maintain emergency services, but many elective procedures may be postponed, prompting patients to bring paper records for their visits.

Ransomware Attack Hits PIH Health, Exposing 17 Million Patient Records BankInfoSecurity