Subsequent Events

3 Months Ended

Mar. 31, 2025

Subsequent Events [Abstract]

Subsequent Events

Subsequent event — cybersecurity incident

On April 12, 2025, the Company became aware of a ransomware incident. Upon discovery, the Company activated its response protocols and implemented containment measures, including proactively disconnecting parts of the Company's network. The Company is actively working to assess and remediate the incident with the assistance of third-party cybersecurity professionals and law enforcement. While the incident resulted in disruption to the Company's operations, it has prioritized and focused its efforts on minimizing disruption to dialysis care, and these efforts have been successful to date. The Company has been able to restore most functions, but it cannot estimate the duration or extent of the disruption at this time.

The Company is aware of the exfiltration of certain data as part of the cybersecurity incident. The Company is in the process of validating the extent and nature of the files that were involved, including the identification of Personally Identifiable Information (PII) and/or Protected Health Information (PHI) involved. Based on the Company's review, it will comply with applicable privacy notice provisions and regulations.

Based on information currently available and the investigation to date, the Company believes that this incident has not had, and is not expected to have, a material adverse impact on its ability to provide patient care or on its business, results of operations or financial condition. However, the Company's investigation remains ongoing and as a result, it does not yet know the full impact of the cybersecurity incident, including how much of the financial impact will be covered by insurance.