Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2025
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We assess, identify and manage risks from cybersecurity threats through our Global Cybersecurity and Compliance Program (Cybersecurity Program). Cybersecurity risks identified in the Cybersecurity Program are integrated into our Enterprise Risk Management Program. In addition, the Cybersecurity Program seeks to incorporate consideration of cybersecurity risk into our product development, business strategy, financial planning and capital allocation decisions.
The Cybersecurity Program is currently overseen by the Board of Directors (Board) and is managed by our Chief Information Officer (CIO), who is currently serving as our interim Chief Information Security Officer (CISO) while we complete the search for a permanent CISO. The CISO's organization is responsible for cybersecurity strategy, policy, standards, risk-management architectures, and processes for the security of our corporate and manufacturing enterprise network, information assets and medical device technologies. Additionally, this organization provides governance and guidance related to secure-by-design principles and secure development practices for medical technologies. Our CIO has over 30 years of experience in information technology and has served in a number of professional services leadership roles, including as CIO over the past 15 years at three companies. The CISO’s organization monitors and manages, and works to identify and assess, cybersecurity risk through various technologies, resources, processes and policies that are updated as necessary to align with the changing threat landscape, our evolving business needs as well as global regulatory requirements. In addition, from time to time, we also utilize external auditors, assessors, and pen-testers to help evaluate the maturity of our Cybersecurity Program, including conducting penetration testing and vulnerability, risk, and maturity assessments. We also actively engage with industry experts, regulatory agencies, advocacy groups, industry peers, intelligence, and law enforcement communities as part of our continuing efforts to evaluate and enhance the effectiveness of our Cybersecurity Program and to stay abreast of the emerging cybersecurity landscape.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Cybersecurity risks identified in the Cybersecurity Program are integrated into our Enterprise Risk Management Program. In addition, the Cybersecurity Program seeks to incorporate consideration of cybersecurity risk into our product development, business strategy, financial planning and capital allocation decisions.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Program are integrated into our Enterprise Risk Management Program. In addition, the Cybersecurity Program seeks to incorporate consideration of cybersecurity risk into our product development, business strategy, financial planning and capital allocation decisions. The Cybersecurity Program is currently overseen by the Board of Directors (Board) and is managed by our Chief Information Officer (CIO), who is currently serving as our interim Chief Information Security Officer (CISO) while we complete the search for a permanent CISO. The CISO's organization is responsible for cybersecurity strategy, policy, standards, risk-management architectures, and processes for the security of our corporate and manufacturing enterprise network, information assets and medical device technologies. Additionally, this organization provides governance and guidance related to secure-by-design principles and secure development practices for medical technologies.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Board oversees information technology functions generally, including product related cybersecurity matters as well as our use of artificial intelligence (whether internally or in our products and services). The Audit Committee of the Board is responsible for the oversight of certain significant cybersecurity incidents, including ones related to our products and services, and, in the event of a significant cybersecurity incident, receives related updates from management on those incidents
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
The Cybersecurity Program and the CISO's organization maintain a cybersecurity governance and oversight framework that seeks to drive accountability for all levels of employees, including senior management and executive officers. Cybersecurity matters are generally managed by a combination of working groups, the cybersecurity compliance committee and ultimately the cybersecurity executive oversight committee, as appropriate. Our cross functional cybersecurity compliance committee is led by the CISO, is composed of members of senior management, including the CIO, and reviews matters such as cybersecurity escalations, critical remediations, and disclosure recommendations. The output from the cybersecurity compliance committee meetings is discussed at meetings of Baxter’s cybersecurity executive oversight committee, which is also led by the CISO's organization and includes the CEO, other members of the CEO's executive management including the CIO, Chief Financial Officer and General Counsel.
The Board oversees information technology functions generally, including product related cybersecurity matters as well as our use of artificial intelligence (whether internally or in our products and services). The Audit Committee of the Board is responsible for the oversight of certain significant cybersecurity incidents, including ones related to our products and services, and, in the event of a significant cybersecurity incident, receives related updates from management on those incidents. Consistent with this oversight responsibility, the Audit Committee is responsible for reviewing proposed disclosures in connection with any material cybersecurity incident consistent with our disclosure obligations under Item 1.05 of Form 8-K. The full Board receives periodic updates on information technology and cybersecurity matters from management (including the CIO and CISO) and external advisors from time to time, and the Audit Committee receives periodic updates (including as part of continuing director education) on the evolving cybersecurity and artificial intelligence landscapes and regulatory reporting requirements.
We maintain and annually update a Cybersecurity Incident Response Plan, which is a guide for our Cyber Security Incident Response Team and business to respond to cybersecurity incidents in a coordinated manner. Additionally, we, in partnership with a third-party consultant, facilitate periodic cyber-crisis tabletop exercises with members of senior management (including our executive officers) to help us prepare for the occurrence of a significant cybersecurity event and our related response activities. Cybersecurity risks and threats, including any previous cybersecurity incidents, have not materially impacted us or our operations to date. However, we cannot provide any assurance that we will not be subject to a material cybersecurity incident in the future. See “Risks Relating to Our Operations—We may experience breaches and breakdowns affecting our information technology systems or protected information, including from obsolescence, cyber security breaches and data leakage” in Item 1A. Risk Factors of this Annual Report on Form 10-K for a discussion of cybersecurity-related risks.
Cybersecurity Risk Role of Management [Text Block]
The Cybersecurity Program and the CISO's organization maintain a cybersecurity governance and oversight framework that seeks to drive accountability for all levels of employees, including senior management and executive officers. Cybersecurity matters are generally managed by a combination of working groups, the cybersecurity compliance committee and ultimately the cybersecurity executive oversight committee, as appropriate. Our cross functional cybersecurity compliance committee is led by the CISO, is composed of members of senior management, including the CIO, and reviews matters such as cybersecurity escalations, critical remediations, and disclosure recommendations. The output from the cybersecurity compliance committee meetings is discussed at meetings of Baxter’s cybersecurity executive oversight committee, which is also led by the CISO's organization and includes the CEO, other members of the CEO's executive management including the CIO, Chief Financial Officer and General Counsel.
The Board oversees information technology functions generally, including product related cybersecurity matters as well as our use of artificial intelligence (whether internally or in our products and services). The Audit Committee of the Board is responsible for the oversight of certain significant cybersecurity incidents, including ones related to our products and services, and, in the event of a significant cybersecurity incident, receives related updates from management on those incidents. Consistent with this oversight responsibility, the Audit Committee is responsible for reviewing proposed disclosures in connection with any material cybersecurity incident consistent with our disclosure obligations under Item 1.05 of Form 8-K. The full Board receives periodic updates on information technology and cybersecurity matters from management (including the CIO and CISO) and external advisors from time to time, and the Audit Committee receives periodic updates (including as part of continuing director education) on the evolving cybersecurity and artificial intelligence landscapes and regulatory reporting requirements.
We maintain and annually update a Cybersecurity Incident Response Plan, which is a guide for our Cyber Security Incident Response Team and business to respond to cybersecurity incidents in a coordinated manner. Additionally, we, in partnership with a third-party consultant, facilitate periodic cyber-crisis tabletop exercises with members of senior management (including our executive officers) to help us prepare for the occurrence of a significant cybersecurity event and our related response activities. Cybersecurity risks and threats, including any previous cybersecurity incidents, have not materially impacted us or our operations to date. However, we cannot provide any assurance that we will not be subject to a material cybersecurity incident in the future. See “Risks Relating to Our Operations—We may experience breaches and breakdowns affecting our information technology systems or protected information, including from obsolescence, cyber security breaches and data leakage” in Item 1A. Risk Factors of this Annual Report on Form 10-K for a discussion of cybersecurity-related risks.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] The Board oversees information technology functions generally, including product related cybersecurity matters as well as our use of artificial intelligence (whether internally or in our products and services). The Audit Committee of the Board is responsible for the oversight of certain significant cybersecurity incidents, including ones related to our products and services, and, in the event of a significant cybersecurity incident, receives related updates from management on those incidents
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CIO has over 30 years of experience in information technology and has served in a number of professional services leadership roles, including as CIO over the past 15 years at three companies.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
The Cybersecurity Program and the CISO's organization maintain a cybersecurity governance and oversight framework that seeks to drive accountability for all levels of employees, including senior management and executive officers. Cybersecurity matters are generally managed by a combination of working groups, the cybersecurity compliance committee and ultimately the cybersecurity executive oversight committee, as appropriate. Our cross functional cybersecurity compliance committee is led by the CISO, is composed of members of senior management, including the CIO, and reviews matters such as cybersecurity escalations, critical remediations, and disclosure recommendations. The output from the cybersecurity compliance committee meetings is discussed at meetings of Baxter’s cybersecurity executive oversight committee, which is also led by the CISO's organization and includes the CEO, other members of the CEO's executive management including the CIO, Chief Financial Officer and General Counsel.
The Board oversees information technology functions generally, including product related cybersecurity matters as well as our use of artificial intelligence (whether internally or in our products and services). The Audit Committee of the Board is responsible for the oversight of certain significant cybersecurity incidents, including ones related to our products and services, and, in the event of a significant cybersecurity incident, receives related updates from management on those incidents. Consistent with this oversight responsibility, the Audit Committee is responsible for reviewing proposed disclosures in connection with any material cybersecurity incident consistent with our disclosure obligations under Item 1.05 of Form 8-K. The full Board receives periodic updates on information technology and cybersecurity matters from management (including the CIO and CISO) and external advisors from time to time, and the Audit Committee receives periodic updates (including as part of continuing director education) on the evolving cybersecurity and artificial intelligence landscapes and regulatory reporting requirements.
We maintain and annually update a Cybersecurity Incident Response Plan, which is a guide for our Cyber Security Incident Response Team and business to respond to cybersecurity incidents in a coordinated manner. Additionally, we, in partnership with a third-party consultant, facilitate periodic cyber-crisis tabletop exercises with members of senior management (including our executive officers) to help us prepare for the occurrence of a significant cybersecurity event and our related response activities. Cybersecurity risks and threats, including any previous cybersecurity incidents, have not materially impacted us or our operations to date. However, we cannot provide any assurance that we will not be subject to a material cybersecurity incident in the future. See “Risks Relating to Our Operations—We may experience breaches and breakdowns affecting our information technology systems or protected information, including from obsolescence, cyber security breaches and data leakage” in Item 1A. Risk Factors of this Annual Report on Form 10-K for a discussion of cybersecurity-related risks.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true