Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended

Dec. 31, 2024

Cybersecurity Risk Management, Strategy, and Governance [Line Items]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk management and strategy

We rely on our information technology to operate our business and provide our Barostim Therapy to patients. We have policies and processes designed to protect our information technology systems, some of which are managed by third parties, and resolve issues in a timely manner in the event of a cybersecurity threat or incident.

As part of our broader risk management framework, we have identified the potential cybersecurity risks to our business. We have designed our business applications and hosting services to minimize the impact that cybersecurity incidents could have on our business and have identified back-up systems where appropriate. We seek to further mitigate cybersecurity risks through a combination of monitoring and detection activities, use of anti-malware applications, employee training, quality audits and communication and reporting structures, among other processes. We have an incident response plan in place that outlines containment, eradication, and recovery plans in the event of a cybersecurity threat or incident.

We engage a third-party consultant to assist us with designing controls and our cybersecurity risk management framework. We are also engaging with a third party to perform penetration testing. We also retain third parties to assist with the monitoring and detection of cybersecurity threats and responding to any cybersecurity threats or incidents.

With respect to third parties that manage or use our information technology or data, we obtain reports to assess the security of their systems and processes. We engage in ongoing monitoring of all third-party providers to ensure compliance with our cybersecurity standards.

We have not encountered cybersecurity threats or incidents that have had a material impact on our business.

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Processes Integrated [Text Block]

As part of our broader risk management framework, we have identified the potential cybersecurity risks to our business. We have designed our business applications and hosting services to minimize the impact that cybersecurity incidents could have on our business and have identified back-up systems where appropriate. We seek to further mitigate cybersecurity risks through a combination of monitoring and detection activities, use of anti-malware applications, employee training, quality audits and communication and reporting structures, among other processes. We have an incident response plan in place that outlines containment, eradication, and recovery plans in the event of a cybersecurity threat or incident.

We engage a third-party consultant to assist us with designing controls and our cybersecurity risk management framework. We are also engaging with a third party to perform penetration testing. We also retain third parties to assist with the monitoring and detection of cybersecurity threats and responding to any cybersecurity threats or incidents.

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]

true

Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]

false

Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

Our Board of Directors assigned specific oversight responsibility for cybersecurity to our Audit Committee, which also oversees our general risk management. The Audit Committee reviews and discusses with management our policies, practices, and risks related to information security and cybersecurity.

Our chief financial officer has primary responsibility for assessing, monitoring, and managing cybersecurity risks. Leaders of our information technology and device engineering, together with members of our finance team, comprise our Cybersecurity Committee, which meets to assess cybersecurity risks and identify new risks and assess our risk management framework on a quarterly basis. Among the members of this committee are employees who are knowledgeable about our products and systems, have prior experience managing cybersecurity risks, and maintain an active Certified Information Systems Security Professional certification.

Our chief financial officer provides an update to the Audit Committee on any risks related to cybersecurity on a quarterly basis. Our incident response plan includes notifying the Audit Committee, and then the Board of Directors, of any material threats or incidents that arise.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]

Audit Committee

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Our chief financial officer provides an update to the Audit Committee on any risks related to cybersecurity on a quarterly basis. Our incident response plan includes notifying the Audit Committee, and then the Board of Directors, of any material threats or incidents that arise.

Cybersecurity Risk Role of Management [Text Block]

Our chief financial officer has primary responsibility for assessing, monitoring, and managing cybersecurity risks. Leaders of our information technology and device engineering, together with members of our finance team, comprise our Cybersecurity Committee, which meets to assess cybersecurity risks and identify new risks and assess our risk management framework on a quarterly basis. Among the members of this committee are employees who are knowledgeable about our products and systems, have prior experience managing cybersecurity risks, and maintain an active Certified Information Systems Security Professional certification.

Our chief financial officer provides an update to the Audit Committee on any risks related to cybersecurity on a quarterly basis. Our incident response plan includes notifying the Audit Committee, and then the Board of Directors, of any material threats or incidents that arise.

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Management Positions or Committees Responsible [Text Block]

chief financial officer

Cybersecurity Risk Management Expertise of Management Responsible [Text Block]

Among the members of this committee are employees who are knowledgeable about our products and systems, have prior experience managing cybersecurity risks, and maintain an active Certified Information Systems Security Professional certification.

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

Leaders of our information technology and device engineering, together with members of our finance team, comprise our Cybersecurity Committee, which meets to assess cybersecurity risks and identify new risks and assess our risk management framework on a quarterly basis

Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]

true