Page last updated on February 13, 2026
Healthcare Realty Trust Inc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-13 16:16:40 EST.
Filings
10-K filed on 2026-02-13
Healthcare Realty Trust Inc filed a 10-K at 2026-02-13 16:16:40 EST
Accession Number: 0001360604-26-000018
Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!
Item 1C. Cybersecurity.
Item 1C. Cybersecurity The Company annually reviews its overall risk profile with the Audit Committee and full Board of Directors. Assessing, identifying and managing material risks from cybersecurity threats are integrated into the Company's overall risk management processes. The Audit Committee of the Company's Board of Directors has oversight in the management of risks associated with cybersecurity. The Audit Committee is briefed regularly on cybersecurity matters, including meeting with the Company's head of technology at least annually and receiving a memorandum quarterly regarding cybersecurity. In addition, the Audit Committee discusses cybersecurity with other members of management and the internal audit staff at each quarterly meeting. The Audit Committee reports to the full Board of Directors quarterly regarding cybersecurity. Management of the Company plays an integral role in assessing and managing risks from cybersecurity threats. The Company has a dedicated technology services department, led by the Company's head of technology. The Company also has an in-house internal audit staff that is involved in risk management of cybersecurity threats. The Company solicits input from key employees regarding the overall risk environment, including cybersecurity threats. The Company requires all employees to complete cybersecurity training semi-annually and periodically facilitates penetration tests on the Company's systems. The Company's head of technology reports to the Company's Executive Vice President and Chief Operating Officer. In addition, as discussed in more detail below, any cybersecurity incident is reported to the Company's legal department. 21 Although the Company's Executive Vice President and Chief Operating Officer and the members of its legal department do not have a technology services background, we believe that the Company's head of technology and technology services team possess the requisite background and experience to effectively manage the Company's cybersecurity needs. The Company also engages with third parties on an as-needed basis to advise and assist in managing cybersecurity risks. When the Company utilizes third-party services that include web-based platforms or data collection stored on third-party servers, it reviews the service provider's SOC1 attestation reports on internal controls and inquires regarding controls and procedures utilized by such third parties with respect to cybersecurity of the Company's data. The Company has in place a cybersecurity incident response plan. Procedures for addressing cybersecurity incidents include reporting incidents up to senior management, including the Company's legal department for analysis. If a cybersecurity incident were determined to be material by the Company's legal department, the Company's Audit Committee would be informed promptly and the Company's disclosure committee would address appropriate public disclosures. As noted above, management regularly reports to the Audit Committee regarding the current cyber threat environment and the controls and procedures meant to address such risks. The Company carries cyber risk insurance, but there can be no assurance that losses from a cybersecurity incident would not exceed the insurance coverage. Although the Company has not experienced a cybersecurity incident that materially affected or, to the Company's knowledge, is reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition, the Company has, from time to time, experienced threats to and breaches of its data and systems. The Company faces risks associated with security breaches through cyber attacks, cyber intrusions, or otherwise, as well as other significant disruptions of its information technology networks and related systems. These risks are described in more detail under Item 1A. Risk Factors.
Company Information
| Name | Healthcare Realty Trust Inc |
| CIK | 0001360604 |
| SIC Description | Real Estate Investment Trusts |
| Ticker | HR - NYSE |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | December 31 |