Single post in Account Breach incident

If it hasn't been suggested yet, a stronger password system could make us incorporate longer passwords, force reset after 'n' days, and inability to reuse the last 'n' amount of passwords. Our company passwords reset after 90 days, require at least 16 characters with a special character and number, and you cannot reuse the last 10 passwords. Albeit that's excessive, it's government related and involves health information that's temporarily stored to their account so maybe a force reset after 180 days or so wouldn't be as nagging.