Bill Text: NY S06806 | 2021-2022 | General Assembly | Introduced
NOTE: There are more recent revisions of this legislation. Read Latest Draft
Bill Title: Prohibits governmental entities, business entities and health care entities from paying a ransom in the event of a cyber incident or a cyber ransom or ransomware attack.
Spectrum: Partisan Bill (Democrat 1-0)
Status: (Introduced - Dead) 2022-02-01 - REPORTED AND COMMITTED TO VETERANS, HOMELAND SECURITY AND MILITARY AFFAIRS [S06806 Detail]
Download: New_York-2021-S06806-Introduced.html
Bill Title: Prohibits governmental entities, business entities and health care entities from paying a ransom in the event of a cyber incident or a cyber ransom or ransomware attack.
Spectrum: Partisan Bill (Democrat 1-0)
Status: (Introduced - Dead) 2022-02-01 - REPORTED AND COMMITTED TO VETERANS, HOMELAND SECURITY AND MILITARY AFFAIRS [S06806 Detail]
Download: New_York-2021-S06806-Introduced.html
STATE OF NEW YORK ________________________________________________________________________ 6806 2021-2022 Regular Sessions IN SENATE May 18, 2021 ___________ Introduced by Sen. SAVINO -- read twice and ordered printed, and when printed to be committed to the Committee on Internet and Technology AN ACT to amend the state technology law, in relation to the payment of ransom in the event of a cyber incident or a cyber ransom or ransom- ware attack The People of the State of New York, represented in Senate and Assem- bly, do enact as follows: 1 Section 1. The state technology law is amended by adding a new article 2 4 to read as follows: 3 ARTICLE IV 4 CYBER SECURITY INCIDENTS 5 Section 401. Payment of ransom; cyber incident, cyber ransom or ransom- 6 ware. 7 § 401. Payment of ransom; cyber incident, cyber ransom or ransomware. 8 1. For the purpose of this section: 9 a. "Cyber incident" means the compromise of the security, confiden- 10 tiality, or integrity of computerized data due to the exfiltration, 11 modification, or deletion that results in the unauthorized acquisition 12 of and access to information maintained by a governmental entity, busi- 13 ness entity, or health care entity. 14 b. "Cyber ransom or ransomware" means a type of malware that encrypts 15 or locks valuable digital files and demands a ransom to release the 16 files. 17 c. "Governmental entity" shall mean any state, city, town or village 18 or local department, board, bureau, division, commission, committee, 19 school district, public authority, public benefit corporation, council 20 or office, including all entities defined pursuant to section two of the 21 public authorities law. Such term shall include the state university of EXPLANATION--Matter in italics (underscored) is new; matter in brackets [] is old law to be omitted. LBD11518-01-1S. 6806 2 1 New York and the city university of New York as well as the state legis- 2 lature, the judiciary or state and local legislatures. 3 d. "Business entity" shall mean any legal entity that conducts busi- 4 ness in the state of New York. 5 e. "Health care entity" shall mean hospitals, nursing homes, home 6 care, hospice and any other health care facilities regulated by the 7 department of health. 8 2. No governmental entity, business entity or health care entity with- 9 in the state shall pay, or have another entity pay on their behalf, 10 ransom in the event of a cyber incident or a cyber ransom or ransomware 11 attack. 12 3. All governmental entities shall report any cyber incidents and 13 cyber ransom or ransomware attacks to the New York state division of 14 homeland security and emergency services. 15 4. A fine of up to ten thousand dollars for each affected party per 16 incident may be issued for any violation of subdivision two of this 17 section. 18 § 2. This act shall take effect immediately.
