Addus HomeCare Corp - (ADUS)
10-K Filing Date: February 27, 2024
Risk Management and Strategy
We recognize that cybersecurity threats pose a risk to our business. As part of the Company’s overall risk management systems and processes, we employ a risk management framework designed with the goals of identifying, assessing and managing material risks from cybersecurity threats. Key aspects of this risk management framework include, but are not limited to:
We have also implemented processes to help identify, assess and manage cybersecurity risks associated with our use of third-party service providers.
We do not believe that risks from cybersecurity threats of which we are currently aware, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations or financial condition. For additional information, see “A cyber-attack or security breach could cause a loss of confidential consumer data, give rise to remediation and other expenses, expose us to liability under HIPAA, consumer protection laws, common law and other legal theories, subject us to litigation and federal and state governmental inquiries, damage our reputation, adversely impact our financial results, and otherwise be disruptive to our business.” included in Part I, Item 1A of this Form 10-K.
Governance
Our cybersecurity risk management program is integrated into our overall risk management system and processes. Together with the Board’s standing committees, the Company’s Board of Directors is responsible for ensuring that material risks, including material cybersecurity risks, are identified and managed appropriately. The Board receives updates at least bi-annually from our Chief Information Officer concerning our information security and cyber risk strategy, cyber defense initiatives, cyber event preparedness and cybersecurity risk assessments. The Chief Information Officer has extensive IT and program management experience and works closely with our Chief Information Security Officer, who oversees our cybersecurity program on a day-to-day basis. The Chief Information Security Officer has extensive cybersecurity experience, including more than 15 years working in senior IT infrastructure and IT security roles in the healthcare sector (seven of which years were spent as the Chief Information Security Officer). Our cybersecurity incident response plan provides that the Chief Information Security Officer will work with our IT Department and the impacted segment of our business to investigate and respond to any identified incident (including by escalating the incident to the Company’s senior management and the Board depending on the nature and scope).