§ 33-105. Notification of cybersecurity event
West's Annotated Code of MarylandInsuranceEffective: October 1, 2022
Effective: October 1, 2022
MD Code, Insurance, § 33-105
§ 33-105. Notification of cybersecurity event
(a) A carrier shall notify the Commissioner as promptly as possible but in no event later than 3 business days from a determination that a cybersecurity event has occurred when either of the following criteria has been met:
(b) The carrier shall provide as much of the following information as reasonably possible:
(c) A carrier shall provide the information required under this section in electronic form as directed by the Commissioner.
(d) A carrier shall have a continuing obligation to update and supplement initial and subsequent notifications to the Commissioner concerning the cybersecurity event.
(e) A carrier shall comply with § 14-3504 of the Commercial Law Article, as applicable, and provide a copy of the notice sent to consumers under that section to the Commissioner.
Managed care organizations to provide Commissioner copies of notices and reports provided to Maryland Department of Health
(f) If a managed care organization conducts an investigation as required by the Maryland Department of Health in accordance with the managed care organization's contract with the Maryland Department of Health and determines that a cybersecurity event has occurred, the managed care organization shall provide to the Commissioner copies of all notices and reports provided to the Maryland Department of Health at the same time and in the same manner that the managed care organization provides the notices and reports to the Maryland Department of Health.
Credits
Added by Acts 2022, c. 231, § 1, eff. Oct. 1, 2022.
MD Code, Insurance, § 33-105, MD INSURANCE § 33-105
Current with all legislation from the 2023 Regular Session of the General Assembly. Some statute sections may be more current, see credits for details.
End of Document |