United States of America: Maryland: Insurance Carriers and Managed Care Organizations Bill passed the House (SB0207/CH0231)

On 11 April 2022, the Insurance Carriers and Managed Care Organizations - Cybersecurity Standards Bill is passed by the House and is therefore adopted by the Parliament. It is based on the National Association of Insurance Commissioners (NAIC) called the Insurance Data Security Model Law that has already been adopted by 15 other US States. The Bill introduces a data security framework for insurance carriers that requires them to conduct self-evaluations of their risk profile and how to mitigate it. Based on these reports, the insurance carriers need to develop their own in-house security strategy around their data collection and storage, including the training of employees and the creation of a specific response plan for possible cyber-incidents. Finally, the insurance carriers are obligated to create a reporting system to their board of directors around their vulnerabilities, their level of compliance with the data security law, and what decisions were taken around data risk mitigation.