XML 25 R9.htm IDEA: XBRL DOCUMENT v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
 12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Abstract]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] We incorporate cybersecurity into our Enterprise Risk Management program. Our cybersecurity program incorporates cybersecurity processes, technologies, and controls designed to identify and manage potential material cyber risks including, but not limited to, operational risk, intellectual property theft, fraud, harm to employees, patients, or third parties, and violation of privacy or security-related laws or regulations. Our cybersecurity program is designed to be aligned with applicable industry standards set by the Center for Internet Security. Our cybersecurity program employs a range of tools and services, including regular network and endpoint monitoring, managed detection and response, system patching, managed security services, server and endpoint scheduled backups, awareness training and testing, periodic vulnerability assessment and penetration testing, to update our ongoing risk identification and mitigation efforts and is assessed periodically by independent third parties. 

Our cybersecurity program is managed by a vice president of global security and cybersecurity who reports to our Chief Executive Officer, or CEO, providing routine security program updates and briefings. The current vice president of global security and cybersecurity has more than 25 years of experience in cybersecurity, federal law enforcement, and cyber investigations, while possessing the required subject matter expertise, skills, experience, and industry certifications expected of an individual assigned to these duties. Our information security team, which includes the vice president of global security and cybersecurity, as well as additional professionals, is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, and processes. The vice president provides regular updates to our CEO and other members of management. Our board of directors has ultimate oversight of cybersecurity risk, which it manages as part of our Enterprise Risk Management program. Cybersecurity periodically provides updates to our management on cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape. Management informs the audit committee or the board of directors of risks from cybersecurity threats as necessary or advisable.

 

 

For the year ended December 31, 2024, we are not aware of any material cybersecurity incidents. While we have not, as of the date of this annual report on Form 10-K, experienced a cybersecurity threat or incident resulting in a material adverse impact to our business or operations, these threats are constantly evolving, thereby increasing the difficulty of successfully defending against them or implementing adequate preventative measures. There can be no guarantee that we will not experience such an incident in the future. We maintain cybersecurity insurance coverage that provides protection against losses arising from certain cybersecurity incidents. In addition, we seek to detect and investigate unauthorized attempts and attacks against our network, products, and services, and to prevent their occurrence and recurrence where practicable through changes or updates to our internal processes and tools and changes or updates to our products and services; however, we remain potentially vulnerable to known or unknown threats.

 
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Our cybersecurity program incorporates cybersecurity processes, technologies, and controls designed to identify and manage potential material cyber risks including, but not limited to, operational risk, intellectual property theft, fraud, harm to employees, patients, or third parties, and violation of privacy or security-related laws or regulations.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block] Our board of directors has ultimate oversight of cybersecurity risk, which it manages as part of our Enterprise Risk Management program
Cybersecurity Risk Role of Management [Text Block] Our cybersecurity program is managed by a vice president of global security and cybersecurity who reports to our Chief Executive Officer, or CEO, providing routine security program updates and briefings
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Our information security team, which includes the vice president of global security and cybersecurity, as well as additional professionals, is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, and processes
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The current vice president of global security and cybersecurity has more than 25 years of experience in cybersecurity, federal law enforcement, and cyber investigations, while possessing the required subject matter expertise, skills, experience, and industry certifications expected of an individual assigned to these duties
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Cybersecurity periodically provides updates to our management on cyber risks and threats, the status of projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true