|
Cybersecurity Risk Management and Strategy Disclosure
|12 Months Ended
Dec. 31, 2024
|Cybersecurity Risk Management, Strategy, and Governance [Abstract]
|Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
|The Audit Committee of the Board of Directors has oversight of our cybersecurity program and is responsible for reviewing and assessing the Company’s cybersecurity and data protection policies, procedures and resource commitment, including key risk areas and mitigation strategies.
|Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
|As part of this process, the Audit Committee receives regular updates from the Chief Technology Officer on critical issues related to our information security risks, cybersecurity strategy, supplier risk and business continuity capabilities
|Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
|OneMedNet
manages cybersecurity and data protection through a continuously evolving framework, as described in further detail below. The framework
allows us to identify, assess and mitigate the risks we face, and assists us in establishing policies and safeguards to protect our systems
and the information of those we serve. Our cybersecurity program is managed by James Wang, our Chief Technology Officer. James holds
a degree in computer science from the University of Hawaii at Manoa and has 19 years of development experience focused on architecture
and security. In his career, he has led initiatives for companies to attain SOC2 compliance and PCI compliance for their product solutions.
The Audit Committee of the Board of Directors has oversight of our cybersecurity program and is responsible for reviewing and assessing
the Company’s cybersecurity and data protection policies, procedures and resource commitment, including key risk areas and mitigation
strategies. As part of this process, the Audit Committee receives regular updates from the Chief Technology Officer on critical issues
related to our information security risks, cybersecurity strategy, supplier risk and business continuity capabilities. The Company’s
framework includes an incident management and response program that continuously monitors the Company’s information systems for
vulnerabilities, threats and incidents; manages and takes action to contain incidents that occur; remediates vulnerabilities; and communicates
the details of threats and incidents to management, including the Director Product Management, Head of Data, as deemed necessary or appropriate.
Pursuant to the Company’s incident response plan, any incidents are to be reported by the Chief Technology Officer to the Audit
Committee, appropriate government agencies and other authorities, as deemed necessary or appropriate, considering the actual or potential
impact, significance and scope. The Company is not aware of any cybersecurity incidents or threats that are reasonably likely to materially
affect its business strategy, results of operations, or financial condition.
We employ an array of data security technologies, processes, and methods across our infrastructure to protect systems and sensitive information from unauthorized access. OneMedNet maintains comprehensive identity and access management practices (e.g., roles and access privileges for each user; multi-factor authentication, privileged user accounts, single sign-on, user lifecycle management) and employs a variety of security information and event management tools. We developed, maintained and utilized a global integrated information security framework to guide our practices, based on relevant industry frameworks and laws, including, but not limited to NIST, GxP, HITRUST, the ISO 27000 family, COBIT, GDPR, and HIPAA.
The framework consists of policies, standards, procedures, work instructions and documentation. Information is classified into four categories to help individuals apply the right level of controls and safeguards to information, applications and systems. Our cybersecurity program focuses on all areas of our business, including cloud-based environments, data centers, devices used by employees and contractors, facilities, networks, applications, vendors, disaster recovery / business continuity and controls and safeguards enabled through business processes and tools. We continuously monitor for threats and unauthorized access.
We draw on the knowledge and insight of external cybersecurity experts and vendors, and our Chief Technology Officer’s experience in building solutions that are secure and compliant with our information security framework. OneMedNet leverages an array of security services and tools to secure OneMedNet information infrastructure and protect systems and information from unauthorized access. OneMedNet’s products and solutions, including 3rd party software and services such as hosted cloud based platforms are monitored by a healthcare cloud, security and compliance organization that provides a real-time dashboard to monitor for potential threats and vulnerabilities. Non-technical safeguards also play an important role in our cybersecurity program. We provide various training programs and tools to employees so they can avoid risky practices and help us promptly identify potential or actual issues. We also have global incident response procedures, global service tools to log incidents and issues for investigation, and an ethics line to report concerns and follow up on matters already reported. The Compliance team, led by our Chief Technology Officer, develops and implements our strategy, as well as monitors systems and devices for risks and threats.
|Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag]
|false
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef
|X
- References
+ Details
Reference 1: http://www.xbrl.org/2003/role/presentationRef