Cybersecurity Risk Management and Strategy Disclosure

12 Months Ended

Dec. 31, 2024

Cybersecurity Risk Management, Strategy, and Governance [Abstract]

Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

The Company prioritizes the security of its information systems and data integrity. We have developed a cybersecurity strategy to manage and mitigate potential cybersecurity risks. Our strategy is designed to safeguard our systems and data. 

Cybersecurity Risk Management and Strategy

The Company’s Information Systems Department is in charge of network construction and cybersecurity management. If a system failure, serious accident, or sign of such an accident is detected, the Information Systems Department reports to the CEO and other executives, who then consider countermeasures. The following are considered important cybersecurity issues, and countermeasures are being implemented.:

● Malware infection: There is a risk of losing sales due to information leaks or system downtime caused by unauthorized access due to malware infection. We are protecting against this by introducing email training and detection products.

● Vulnerability: There is a risk of loss of corporate trust and sales opportunities due to system downtime or information leaks caused by the exploitation of vulnerabilities in servers, etc. We are conducting vulnerability assessments for services that are open to the public, and will continue to expand the scope of these assessments in the future.

● Ransomware: If the system is infected with ransomware, there is a risk of data being encrypted, resulting in business stoppages and information leaks. We have prepared multiple backup mechanisms and recovery procedures in case of damage.

● Information leaks: If data is taken from databases or other sources due to unauthorized access or internal crime, the Company’s credibility will be lost, resulting in a loss of profits or the occurrence of compensation for damages.

● Denial of Service (DOS) attacks: There is a risk that a DOS attack could bring down our website and make it impossible to make appointments at clinics, which would have a negative impact on sales. For this reason, we have introduced a WAF to prevent malicious access and DOS attacks.

● Applying patches and upgrading: There is a risk that not applying patches and upgrades could leave the system vulnerable to attacks, allowing unauthorized access. We are taking measures by regularly updating the operating system and applying patches.

 

Cybersecurity Risk Management Processes Integrated [Flag]

true

Cybersecurity Risk Management Third Party Engaged [Flag]

true

Cybersecurity Risk Board of Directors Oversight [Text Block]

There is currently no director specializing in cybersecurity. Important cybersecurity matters are reported to the board of directors, and implementations are carried out based on the Company’s organizational chart, with the approval and oversight of the board of directors, CEO, and/or other executive officers, as applicable.