HELIUS MEDICAL TECHNOLOGIES, INC. - (HSDT)

10-K Filing Date: March 28, 2024
ITEM 1C.CYBERSECURITY

Our corporate information technology, communication networks, enterprise applications, accounting and financial reporting platforms, and related systems are necessary for the operation of our business. We use these systems, among others, to manage our product development, to communicate internally and externally, to operate our accounting and record-keeping functions, to store and access data including sensitive patient data and for many other key aspects of our business. Our business operations rely on the secure collection, storage, transmission, and other processing of proprietary, confidential, and sensitive data.

Risk Management and Strategy

We recognize the importance of assessing, identifying, and managing material risks associated with cybersecurity threats, as such term is defined in Item 106(a) of Regulation S-K. These risks include, among other things: operational risks, intellectual property theft, fraud, extortion, harm to employees, customers or patients, violation of data privacy or security laws, litigation, and legal, financial and reputational risk.

In coordination with third-party consultants, we have implemented and maintain various information security processes designed to identify, assess and manage material risks from cybersecurity threats to our critical systems and data. Depending on the environment, we implement and maintain various technical, physical, and organizational measures, processes, standards, and/or policies designed to manage and mitigate material risks from cybersecurity threats to our information systems and data, including risk assessments, incident detection and response, vulnerability management, disaster recovery and business continuity plans, internal controls within our accounting and financial reporting functions, encryption of data, network security controls, access controls, physical security, asset management, systems monitoring, vendor risk management program and employee training. We conduct annual reviews and tests of our information security program to evaluate its effectiveness and improve our security measures and planning.

To operate our business, we utilize certain third-party service providers and vendors to support a variety of functions. We seek to engage reliable, reputable service providers and vendors that maintain cybersecurity programs, and we implement a vetting process to ensure that all third-party service providers and venders comply with our cybersecurity program requirements. Depending on the nature of the services provided, the sensitivity and quantity of information processed, and the identity of the service provider, our vendor management process may include reviewing the cybersecurity practices of such provider, contractually imposing obligations on the provider, conducting security assessments, and conducting periodic reassessments during their engagement.

We are not aware of any risks from cybersecurity threats, including as a result of any cybersecurity incidents, which have materially affected or are reasonably likely to materially affect our Company, including our business strategy, results of operations, or financial condition.

Governance

Our Board of Directors holds oversight responsibility for the Company’s strategy and risk management, including material risks related to cybersecurity threats. Oversight of such cybersecurity risks is executed directly by the Board of Directors. The Board receives reports and engages in regular discussions with management regarding the Company’s significant risk exposures resulting from material cybersecurity threats and the measures implemented to monitor and reasonably manage these risks.

52

Our Director of Information Technology leads our information security organization and reports to our Chief Executive Officer and Chief Financial Officer on matters related to cybersecurity who then in turn report to the Board of Directors any material information regarding such cybersecurity matters. Our Director of Information Technology has over 30 years of IT experience and has developed a focus of experience in the healthcare industry.

© 2024 Material-Incidents. All rights reserved.