MS SB2530

Mississippi Department of Information Technology Services (MDITS) must evaluate opportunities to expand the Enterprise Security Program to include local governing authorities and report findings to legislative committees, the Attorney General, and the Senate Technology Committee Chairman by November 1, 2022

Effective July 1, 2022, all state agencies and governing authorities must report any ransomware payment demands or actual payments to MDITS no later than the next business day after discovering the ransomware attack

MDITS must record all ransomware incident reports and develop a report within one business day of receiving information, then submit it to the Lieutenant Governor, Speaker of the House, Attorney General, and relevant legislative committee chairs

MDITS must provide an annual summary of all ransomware incidents by November 1 each year to legislative leadership and committee chairs

Ransomware is defined as unauthorized computer contaminants or locks that restrict access to systems or data where the responsible party demands payment to restore access or remediate the impact