United Health Products, Inc. - (UEEC)

10-K Filing Date: April 01, 2024
ITEM 1C. CYBERSECURITY

 

Since 2018 the Company has been primarily focused on pursuing FDA Pre-Market Approval (PMA) for its HemoStyp products to enable it to access the Class III surgical markets and has de-emphasized its commercial operations. We have fewer than 10 employees and consultants and currently use third-party vendors and service providers for certain product development and regulatory approval activities. Most of the information generated and collected by the Company is stored and maintained by these third-party vendors and service providers. Each of these providers has demonstrated its own cybersecurity protocols which our management believes to be adequate for protecting the Company’s digital files in their possession. Our CEO (who is also one of the Company’s directors) and VP of Finance are responsible for assessing and managing cybersecurity risks. Neither of them have cybersecurity expertise. Due to the current small size and limited commercial operations of the Company, we have no formal cybersecurity policies and processes in place, however, the Board and management believe cybersecurity represents an important component of the Company’s overall approach to risk management and oversight.

 

Cybersecurity threats have not materially affected, and are not reasonably likely to affect, the Company, including its business strategy, results of operations or financial condition while we are strategically focused on pursuing FDA PMA approval and have minimal commercial operations. The Company is not aware of any material security breach to date. Accordingly, the Company has not incurred any expenses over the last two years relating to information security breaches. The occurrence of cyber-incidents, or a deficiency in our cybersecurity or in those of any of our third-party service providers could negatively impact our business by causing a disruption to our operations, a compromise or corruption of our confidential information and systems, or damage to our business relationships or reputation, all of which could negatively impact our business and results of operations. There can be no assurance that the Company's third-party vendors’ and service providers’ cybersecurity risk management processes, including their policies, controls or procedures, will be effective in protecting the Company’s systems and information.