|
Cybersecurity Risk Management, Strategy, and Governance
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Line Items]
|Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
|
Item 1C. Cybersecurity
We recognize the importance of maintaining the trust and confidence of the patients we serve, our business partners, employees and our shareholders and are committed to protecting the confidentiality, integrity and reliance of our business operations and systems. Effective data protection practices, including responsible stewardship of our intellectual property and the secure processing, storage, maintenance and transmission of critical information by us and other third parties with whom we do business is vital to our operations.
Our cybersecurity practices, policies, and standards are based on recognized frameworks established by the National Institute of Standards and Technology (“NIST”) (NIST SP 800-53), the Center for Internet Security (“CIS”), along with adopting best practices from Control Objectives for Information and Related Technologies (“COBIT”) and other applicable industry standards. In general, we seek to address cybersecurity risks through a comprehensive, cross-functional approach that is focused on preserving the confidentiality, security and availability of the information that we collect and store by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents if they occur.
Cybersecurity Risk Management and Strategy
We may face risks related to cybersecurity, such as unauthorized access, cybersecurity attacks and other security incidents, which could adversely affect our business and operations. To identify and assess material risks from cybersecurity threats, we maintain a robust cybersecurity program to ensure our systems are effective and prepared for information security risks and have integrated these processes into our overall risk management systems and processes. We also identify our cybersecurity threat risks by comparing our processes to standards set by NIST, CIS, and COBIT, as well as by engaging experts to attempt to infiltrate our information systems. We consider risks from cybersecurity threats alongside other company risks as part of our overall risk assessment process. We employ a range of tools, services and capabilities, including regular network and endpoint monitoring, audits, vulnerability assessments, penetration testing, threat modeling, disaster recovery and business continuity planning activities, red team testing, mandatory training for our employees, and tabletop exercises to inform our risk identification and assessment.
Our incident response plan coordinates the activities we take to prepare for, detect, respond to and recover from cybersecurity incidents, which include processes to triage, assess severity for, escalate, contain, investigate and remediate the incident, as well as to comply with potentially applicable legal obligations and mitigate damage to our business and reputation.
As part of the above processes, we regularly engage with consultants and other third parties, including a bi-annual review of our cybersecurity program by an independent Qualified Security Assessor.
In the last three fiscal years, we have not experienced any material cybersecurity incidents and the expenses we have incurred from cybersecurity incidents were immaterial. We describe whether and how risks from identified cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations, or financial condition, under the heading “Security breaches, cybersecurity threats, loss of data and other disruptions could compromise sensitive information related to our business, prevent us from accessing critical information or expose us to liability, which could adversely affect our business and our reputation,” in Item 1A. Risk Factors, which disclosures are incorporated by reference herein.
Cybersecurity Governance
Our Board is actively involved in oversight of our risk management activities, and cybersecurity represents an important element of our overall approach to risk management. Our Board delegates to the Audit Committee oversight of certain aspects of our risk management process, including risks related to information technology, data privacy and cybersecurity.
At least quarterly, our Audit Committee receives an update from management of our cybersecurity threat risk management and strategy processes, including recent cybersecurity incidents and related responses, cybersecurity testing, activities of third parties, and other similar matters. Our cybersecurity risk management and strategy processes are led by our Data Security Officer, Data Privacy Officer, Chief Financial Officer and General Counsel. Such individuals have collectively over 50 years of prior work experience in various roles involving managing information security, developing cybersecurity strategy, implementing effective information and cybersecurity programs, as well as several relevant degrees and certifications.
Our Audit Committee is encouraged to regularly engage in conversations with management on cybersecurity-related news and events and discuss any updates to our cybersecurity risk management and strategy programs. Management is informed about and monitors the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan. We have processes in place to ensure that our Audit Committee shall receive prompt and timely information regarding any cybersecurity incident that meets establishing reporting thresholds, as well as ongoing updates regarding any such incident until it has been addressed.
|Cybersecurity Risk Management Processes Integrated [Flag]
|true
|Cybersecurity Risk Management Processes Integrated [Text Block]
|To identify and assess material risks from cybersecurity threats, we maintain a robust cybersecurity program to ensure our systems are effective and prepared for information security risks and have integrated these processes into our overall risk management systems and processes
|Cybersecurity Risk Management Third Party Engaged [Flag]
|true
|Cybersecurity Risk Third Party Oversight and Identification Processes [Flag]
|true
|Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag]
|false
|Cybersecurity Risk Board of Directors Oversight [Text Block]
|
Our Board is actively involved in oversight of our risk management activities, and cybersecurity represents an important element of our overall approach to risk management. Our Board delegates to the Audit Committee oversight of certain aspects of our risk management process, including risks related to information technology, data privacy and cybersecurity.At least quarterly, our Audit Committee receives an update from management of our cybersecurity threat risk management and strategy processes, including recent cybersecurity incidents and related responses, cybersecurity testing, activities of third parties, and other similar matters.
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|Our Board delegates to the Audit Committee oversight of certain aspects of our risk management process, including risks related to information technology, data privacy and cybersecurity.At least quarterly, our Audit Committee receives an update from management of our cybersecurity threat risk management and strategy processes, including recent cybersecurity incidents and related responses, cybersecurity testing, activities of third parties, and other similar matters.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|our Audit Committee receives an update from management of our cybersecurity threat risk management and strategy processes, including recent cybersecurity incidents and related responses, cybersecurity testing, activities of third parties, and other similar matters.
|Cybersecurity Risk Role of Management [Text Block]
|
Our Board is actively involved in oversight of our risk management activities, and cybersecurity represents an important element of our overall approach to risk management. Our Board delegates to the Audit Committee oversight of certain aspects of our risk management process, including risks related to information technology, data privacy and cybersecurity.
At least quarterly, our Audit Committee receives an update from management of our cybersecurity threat risk management and strategy processes, including recent cybersecurity incidents and related responses, cybersecurity testing, activities of third parties, and other similar matters. Our cybersecurity risk management and strategy processes are led by our Data Security Officer, Data Privacy Officer, Chief Financial Officer and General Counsel. Such individuals have collectively over 50 years of prior work experience in various roles involving managing information security, developing cybersecurity strategy, implementing effective information and cybersecurity programs, as well as several relevant degrees and certifications.
Our Audit Committee is encouraged to regularly engage in conversations with management on cybersecurity-related news and events and discuss any updates to our cybersecurity risk management and strategy programs. Management is informed about and monitors the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan. We have processes in place to ensure that our Audit Committee shall receive prompt and timely information regarding any cybersecurity incident that meets establishing reporting thresholds, as well as ongoing updates regarding any such incident until it has been addressed.
|Cybersecurity Risk Management Positions or Committees Responsible [Flag]
|true
|Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
|Our cybersecurity risk management and strategy processes are led by our Data Security Officer, Data Privacy Officer, Chief Financial Officer and General Counsel. Such individuals have collectively over 50 years of prior work experience in various roles involving managing information security, developing cybersecurity strategy
|Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
|Our cybersecurity risk management and strategy processes are led by our Data Security Officer, Data Privacy Officer, Chief Financial Officer and General Counsel. Such individuals have collectively over 50 years of prior work experience in various roles involving managing information security, developing cybersecurity strategy, implementing effective information and cybersecurity programs, as well as several relevant degrees and certifications.
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|Our Audit Committee is encouraged to regularly engage in conversations with management on cybersecurity-related news and events and discuss any updates to our cybersecurity risk management and strategy programs. Management is informed about and monitors the prevention, mitigation, detection, and remediation of cybersecurity incidents through their management of, and participation in, the cybersecurity risk management and strategy processes described above, including the operation of our incident response plan.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|true
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef