NATIONAL HEALTHCARE CORP - (NHC)
10-K Filing Date: February 16, 2024
CYBERSECURITY
The Company’s Board of Directors takes seriously both the responsibility to guard against cybersecurity threats and its compliance with the SEC Cybersecurity regulations adopted on July 26, 2023. The Board of Directors receives an annual cybersecurity update from the Chief Information Officer (CIO) and Chief Information Security Officer (CISO) at every November Board meeting and, accordingly, received its customary detailed briefing from the CIO and CISO at its November 2, 2023 meeting. The Board also received an extensive separate briefing this year on cybersecurity threats and regulations presented by the CIO and outside expert consultants at its August 3, 2023 meeting.
The CIO reports relevant information regarding cybersecurity threats and risks to the Certification Committee, which is chaired by the Chairman of the Audit Committee. The Chairman of the Audit Committee will then elevate any matters of significance, as warranted, to the full Audit Committee. The Audit Committee can then further elevate matters to the full Board of Directors, as necessary or required.
The Company has adopted processes to identify, assess, and manage material risks from cybersecurity threats. It has also adopted processes to evaluate material effects, or reasonably likely material effects, of risks from cybersecurity threats and previous cybersecurity incidents. The Company has adopted processes to assess and evaluate the necessity of any material disclosures required on Form 8-K.
The Company’s CIO has more than 40 years of experience in information technology and cyber matters in healthcare. The Company’s CISO has 26 years in cybersecurity matters and has served as the Company’s CISO for 6 years. The Company has an Incident Response Planning Committee who will meet, as necessary, to address, identify, and manage any material cybersecurity threats. The Company also has a crisis team consisting of the Compliance Officer, General Counsel, Chief Financial Officer, Human Resources Officer, Facilities Management Administrator, and the Network Systems Administrator, which will be engaged if an event poses a significant risk to the Company.
The Company and the Board of Directors are committed to remaining updated on evolving cybersecurity regulations and best practices, as well as the development and amendment of processes to meet these changing demands.