MD | The Maryland Insurance Administration has issued Revised Bulletin No. 23-18.
The purpose of this Bulletin is to remind all carriers, as defined in § 33-101(c) of the Insurance Article, of the requirements of § 33-103. As of October 1, 2023, carriers are required to have in place a comprehensive written information security program based on the carrier’s risk assessment (“information security plan”) and a written incident response plan (“response plan”) designed to promptly respond to, and recover from, a cybersecurity event.