HI HB2052

Prohibits government agencies, business entities, and health care entities in Hawaii from paying ransom related to cyber incidents, cyber ransom, or ransomware attacks, either directly or through third parties.

Requires all government agencies, business entities, and health care entities to report cyber incidents and ransomware attacks to the office of homeland security within a specified timeframe (specific hours not filled in the draft).

Establishes civil penalties of unspecified amounts (dollar figures not filled in the draft) for business entities and health care entities that violate the prohibition, with penalties set by the attorney general who may bring enforcement actions; government agencies are exempt from penalties.

Requires the director of homeland security to develop and maintain a publicly available list of all cybersecurity incidents and ransomware attacks reported to the office.

Appropriates unspecified general revenue funds (amount not filled in the draft) to the office of homeland security for fiscal year 2022-2023 to implement the Act.