Later this month, members of the public will have the opportunity to weigh in on a bill that would require Maine hospitals to develop plans for handling potential cybersecurity intrusions.
This past summer, several Maine hospitals were affected by cyberattacks, forcing several facilities throughout the state to shut down access after encountering suspicious activity in their systems.
[RELATED: Cyberattack Strikes Multiple Maine Hospitals, Remains Unclear Whether Patient Info Compromised]
Under the proposed law, hospitals would need to submit plans to the Maine Department of Health and Human Services (DHHS) detailing how they would handle “notifications, communications, continuity of care for patients and patient complaint processes in the event of a cybersecurity intrusion.”
As part of these plans, hospitals would need to provide cybersecurity training for “hospital employees and board members and organizations affiliated with the hospital.”
Cybersecurity intrusions impacting patients’ access to medical care would also be encompassed under the definition of a “sentinel event,” meaning that they would need to be reported to the state.
Currently considered sentinel events are occurrences such as wrong site surgeries or unanticipated patient deaths.
This bill, LD 2103, was sponsored by Rep. Julia A.G. McCabe (D-Lewiston) alongside a handful of other Democratic cosponsors.
The Legislature’s Committee on Health and Human Services has scheduled a public hearing for this bill on Tuesday, February 24 at 1 p.m. in Room 209 of the Cross Building, located directly across from the State House in Augusta.
