MD SB691

Establishes the Healthcare Ecosystem Stakeholder Cybersecurity Workgroup to develop strategies for preventing cybersecurity disruptions, ensuring continuous delivery of essential healthcare services, and enhancing recovery efforts following cyber incidents

Workgroup membership includes legislators, state agency officials (Maryland Health Care Commission, Insurance Administration, Emergency Management, Chief Information Security Officer), representatives from hospitals, insurers, pharmacy benefits managers, health information exchanges, and patient advocacy groups

Workgroup must identify essential healthcare capabilities required during cyberattacks, map all healthcare ecosystem entities in Maryland, develop threat and risk assessments, and review cybersecurity best practices including NIST frameworks

Interim report due by January 1, 2026, with final report of findings and recommendations due by December 1, 2026, to be submitted to the Governor, General Assembly, and relevant state officials

Act takes effect July 1, 2025, and the Workgroup provisions automatically sunset on June 30, 2027