2 min read

Maine lawmakers introduce bill to curb cyberattacks

Picture of Abby Grifno Abby Grifno March 3, 2026

News
Maine lawmakers introduce bill to curb cyberattacks

The state has faced several major breaches and is introducing LD2103 to better equip hospitals against cyberattacks.

 

What happened

Maine has introduced Legislative Document (LD) 2103 in the Senate to encourage hospitals to plan for cyberattacks. The bill, titled “An Act Requiring Hospitals to Adopt Cybersecurity Plans,” was sponsored by Representative Julia McCabe (D-Lewiston) and would require hospitals to submit security plans, including a process to receive and record incidents and “threats of violent behavior.”

Under the new bill, submitted cybersecurity plans would include the hospital’s process for timely notification to agencies, law enforcement, patients and providers. Hospitals would also need a plan for backup communication response, a process for triage, a process for ambulance diversion, a complaint process for patients, and cybersecurity training of employees.

 

In the know

The legislation follows two major breaches in Maine; a cyberattack against Covenant Health that impacted 285,000 Maine residents, and an attack against Central Maine Healthcare that impacted 145,381 individuals and led to care disruptions.

The Maine Attorney General’s data breach portal is often used to gather data about breaches happening around the country, in part because Maine requires businesses to report cyberattacks within three days of discovery.

 

What was said

The bill has received mixed reactions. According to The Sun Journal, McCabe said, “What is plain is that there were severe breakdowns in patient care caused by the two cyberattacks…As I learned about this issues, it became clear to me that this is not a one-off, or some fluke, but part of a trend of bad actors increasingly targeting hospitals.”

Winfield Brown, president of St. Mary’s Health System, which was impacted in the Covenant Health breach, testified against the bill, calling it “duplicative” of existing measures and a costly burden to hospitals.

 

What’s next

LD2103 had a public hearing on February 24th, 2026, where individuals and experts spoke in favor and against the bill. The bill will now go through a work session before it moves to the floor for a vote by the House and Senate.

 

The big picture

Paubox reports show that cyberattacks have increased greatly over the last few years; ransomware has surged by 264% since 2018, and 73% of healthcare IT leaders expect even more breaches in the future. Healthcare organizations and officials know breaches are a big threat, but the question remains on how to resolve them. Legislation like this could set a precedent for how organizations prepare and respond to breaches. Regardless of if the legislation passes, it shows that citizens and the government alike are aware and considered about rising breaches.

 

FAQs

Why would some healthcare organizations oppose the bill?

As in the case of St. Mary’s, healthcare organizations might oppose the bill if they believe it could increase administrative burdens or costs.

 

When would the bill become a law?

The bill is expected to work its way through the committee session, which will end on April 15th, 2026. If the bill is passed, it will likely go into effect in the summer of 2026.

Send PHI securely—No portals required. The all-in-one email security suite for healthcare. HIPAA compliant email with Google and Microsoft.

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.