CHEMED CORP 10-K Cybersecurity GRC - 2024-02-29

Page last updated on April 11, 2024

CHEMED CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-29 09:41:07 EST.

Filings

10-K filed on 2024-02-29

CHEMED CORP filed an 10-K at 2024-02-29 09:41:07 EST
Accession Number: 0001562762-24-000045

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Company treats cybersecurity risk seriously and is focused on maintaining and regularly updating the security of our systems, networks, technologies and data. The number and sophistication of attempts to disrupt or penetrate our systems continues to grow, specifically including the rapid increase of attempts against healthcare companies that was observed in early 2022. To combat the ever-increasing sophistication of cyberattacks, we continuously work to improve methods for detecting and preventing attacks. We have implemented policies and procedures and developed specific training for our employees, including regular updates and reminders, to help prevent and mitigate 20 any issues that may be caused by any attacks. Further, we regularly engage independent third-party cyber experts to test for vulnerabilities in our environment. We also conduct our own internal simulations to help assess and strengthen our defenses. We acknowledge that cyberattack risk may occur with our third-party technology service providers. High-profile cyberattacks have occurred at healthcare companies, credit bureaus, financial institutions, and other businesses for the purpose of acquiring the confidential information of individuals, including potential customers and patients. We take significant measures to prevent and mitigate issues caused by any such attacks, including outreach to our providers and other third-parties that we engage with, in order to ascertain any potential downstream implications of known breaches. The Company has integrated our cybersecurity prevention and mitigation processes into our overall risk management system and processes. The Chief Technology Officer of Roto-Rooter and the Chief Technology Officer and Chief Information Officer of VITAS are senior executives, with decades of experience in preventing, assessing and managing cybersecurity threats in the private sector as well as government. Both Roto-Rooter and VITAS employ teams of experienced cybersecurity professionals who report to the respective Chief Technology Officer and Chief Information Officer. Both businesses have security incident response plans, pursuant to which they report on the cybersecurity status of the businesses to the Company s Chief Financial Officer and Controller and Chief Legal Officer both regularly as a matter of course, as well as in the event of any potentially material incident. Additionally, Company senior management reports to the Audit Committee on cybersecurity issues on a regular basis, multiple times a year. The Audit Committee s reports to the board after these sessions, include the discussions of the cybersecurity risk management process. The reports include information on any attacks or potential breaches within the Company as well as security events at third-party providers when the breach or potential breach may affect the Company. This process allows the Company to involve both senior management and third-party service providers, including forensic analysts, other cyber experts, and outside counsel, as necessary in order to combat potential threats and help ensure appropriate and timely responses to threats, and mitigation and remediation of any incidents. To date, the increase in cyberattacks has not resulted in any material disruption of our operations or material harm to our customers or patients. However, while we have significant internal resources, policies and procedures designed to prevent or limit the effect of the possible failure, interruption or security breach of our information systems, there can be no assurance that any such failure, interruption or security breach will not occur in the future, or if they do occur, that they will be adequately addressed. Please also reference additional disclosures about cybersecurity in Item 1A Risk Factors, under both Roto-Rooter and VITAS sections.

Company Information