Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management and Strategy

We recognize the importance of maintaining the trust and confidence of our investors, patients, business partners, and employees. Our board of directors are actively involved in the oversight of our risk management program, and cybersecurity represents an important component of our overall approach to enterprise risk management (“ERM”). Our cybersecurity policies, standards, processes, and practices are fully integrated into our ERM program and are based on recognized frameworks established by the National Institute of Standards and Technology, the international organization for standardization. In general, we seek to address cybersecurity risks through a comprehensive cross-functional approach that is focused on preserving the confidentiality, security, and availability of the information that we collect and store by identifying, preventing, and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur.

Our cybersecurity program includes the following key elements:

●

Collaborative Approach

We have implemented a comprehensive cross-functional approach to identifying, preventing, and mitigating cybersecurity threats and incidents, while also implementing controls and procedures that provide for the prompt escalation of certain cybersecurity incidents so that decisions regarding the public disclosure and reporting of such incidents can be made by management in a timely manner.

●

Technical Safeguards

We deploy technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality, and access controls, which are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence.

●

Incident Response and Recovery Planning

We have established and maintain comprehensive incident response and recovery plans that address our response to a cybersecurity incident, and such plans are tested and evaluated on a regular basis.

●

Third-Party Risk Management

We maintain a comprehensive risk-based approach to identifying and overseeing cybersecurity risks presented by third-parties, including vendors, service providers, and other external users of our systems, as well as the systems of third-parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems.

●

Education and Awareness

We provide regular mandatory training for employees regarding cybersecurity threats as a means to equip our employees with effective tools and education to address cybersecurity threats and to communicate our evolving information security policies, standards, processes, and practices.

Cybersecurity Risk Management Processes Integrated [Text Block]

●

Collaborative Approach

We have implemented a comprehensive cross-functional approach to identifying, preventing, and mitigating cybersecurity threats and incidents, while also implementing controls and procedures that provide for the prompt escalation of certain cybersecurity incidents so that decisions regarding the public disclosure and reporting of such incidents can be made by management in a timely manner.

●

Technical Safeguards

We deploy technical safeguards that are designed to protect our information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality, and access controls, which are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence.

●

Incident Response and Recovery Planning

We have established and maintain comprehensive incident response and recovery plans that address our response to a cybersecurity incident, and such plans are tested and evaluated on a regular basis.

●

Third-Party Risk Management

We maintain a comprehensive risk-based approach to identifying and overseeing cybersecurity risks presented by third-parties, including vendors, service providers, and other external users of our systems, as well as the systems of third-parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems.

●

Education and Awareness

We provide regular mandatory training for employees regarding cybersecurity threats as a means to equip our employees with effective tools and education to address cybersecurity threats and to communicate our evolving information security policies, standards, processes, and practices.

Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

One of the key functions of our board of directors is informed oversight of our ERM, including risks from cybersecurity threats. Our board of directors receive regular presentations and reports on our cybersecurity risks, which have pertained to a wide range of topics including recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends, and information security considerations arising with respect to our peers and third-parties. The board of directors also receive prompt and timely information regarding any cybersecurity incident that meets reporting thresholds, as well as ongoing updates regarding any such incident until it has been addressed and resolved.

On an annual basis, the board of directors discuss our approach to cybersecurity risk management with management which includes our Chief Information Officer (“CIO”). Our CIO has overall operational responsibility for our cybersecurity risk management. To facilitate the success of our cybersecurity risk management program, we have an Infrastructure, Operations & Security Team (“IOS Team”) that is tasked with the responsibility to design, implement, and manage systems, processes, and policies to defend against cybersecurity threats and to respond to cybersecurity incidents. Working collaboratively across our Company, the IOS Team implements and maintains a program designed to protect our information systems from cybersecurity threats and to promptly respond to any cybersecurity incidents in accordance with our incident response and recovery plans.

Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

Our board of directors receive regular presentations and reports on our cybersecurity risks, which have pertained to a wide range of topics including recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends, and information security considerations arising with respect to our peers and third-parties

Cybersecurity Risk Management Positions or Committees Responsible [Flag]

true

Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]

On an annual basis, the board of directors discuss our approach to cybersecurity risk management with management which includes our Chief Information Officer (“CIO”).