MD HB333

Establishes the Healthcare Ecosystem Stakeholder Cybersecurity Workgroup to develop strategies for preventing cybersecurity disruptions, ensuring continuous delivery of essential healthcare services, and enhancing recovery efforts following cyber incidents

Workgroup membership includes legislators, the Maryland Health Care Commission Chairman, Maryland Insurance Commissioner, Secretary of Emergency Management, State Chief Information Security Officer, representatives from the Maryland Cybersecurity Council, and stakeholders from hospitals, insurers, pharmacy benefits managers, health information exchanges, and patient advocacy groups

Workgroup must identify essential healthcare capabilities needed during cyberattacks, map all healthcare ecosystem entities in the state, develop a cybersecurity threat and risk assessment, and review best practices including NIST frameworks

Interim report due January 1, 2026 with findings and recommendations; final report due December 1, 2026 to the Governor, General Assembly, and relevant state officials

Act takes effect July 1, 2025 and is automatically abrogated on June 30, 2027