New frameworks like the Digital Operational Resilience Act (DORA), the EU AI Act, the Network and Information Systems Directive 2 (NIS2) and the Cybersecurity Maturity Model Certification (CMMC) are reshaping how businesses handle security, risk and compliance.

The landscape of artificial intelligence (AI) and cybersecurity is undergoing significant changes due to emerging regulatory frameworks that require businesses to adapt their operations. Key regulations, including the Digital Operational Resilience Act (DORA), EU AI Act, Network and Information Systems Directive 2 (NIS2), and Cybersecurity Maturity Model Certification (CMMC), focus on enhancing security and compliance while imposing financial penalties for non-compliance. DORA, aimed at financial institutions, mandates practices like penetration testing to ensure resilience against cyber threats, while the EU AI Act establishes guidelines to address ethical concerns surrounding AI use and enforces strict penalties for violations.

AI and Cybersecurity Regulations Demand Urgent Action from Businesses Forbes

Healthcare organizations are urged to implement a privileged access model to mitigate ransomware threats, a strategy that necessitates collaboration between IT and security teams and organization-wide support. Erik Decker, Chief Information Security Officer at Intermountain Health, underscores the importance of safeguarding systems like Active Directory, which are commonly targeted by attackers seeking to escalate privileges and access sensitive information. By adopting a secure-by-design approach grounded in established security principles, Intermountain Health aims to reduce credential exposure and bolster its cybersecurity defenses against tactics frequently employed by cybercriminals.

Healthcare Organizations Urged to Adopt Privileged Access Model to Combat Ransomware Healthcare IT News

Vermont has enacted a new bill requiring all hospitals to create comprehensive security plans to prevent workplace violence, effective July 1. Signed by Governor Phil Scott, the law mandates hospitals to form development teams that include healthcare workers and law enforcement, ensuring a collaborative approach to security informed by a risk assessment. Additionally, hospitals must appoint a trained employee in trauma-informed care and victim support to facilitate communication with law enforcement in violent incidents, aiming to enhance safety for both staff and patients.

Vermont Enacts New Bill to Boost Healthcare Workplace Safety Becker's Hospital Review

Epic Systems has seen significant growth in the U.S. acute care EHR market, achieving its largest net gain in market share in 2024 despite a slight overall market decline, as indicated in the latest KLAS report. The company secured contracts with ten major health systems, including ChristianaCare and UAB Health, bolstered by a strong reputation for customer partnership. Conversely, Oracle Health, Epic's main competitor, struggled with a net loss of 74 clients despite gaining nine new contracts, as customer loyalty and relationship ratings fell post-Cerner acquisition. However, some customers express cautious optimism about Oracle's new product offerings, including the Clinical AI Agent.

Epic Systems Seizes Market Lead in U.S. EHR Sector Amidst Competition Healthcare IT News