GeneDx Holdings Corp. 10-K Cybersecurity GRC - 2026-02-23

Page last updated on February 23, 2026

GeneDx Holdings Corp. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-23 08:21:58 EST.

Filings

10-K filed on 2026-02-23

GeneDx Holdings Corp. filed a 10-K at 2026-02-23 08:21:58 EST
Accession Number: 0001818331-26-000015

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Company is committed to maintaining the trust and confidence of our customers, healthcare providers, clients, business partners and employees through a cybersecurity program focused on protecting the confidentiality, security and availability of the information that we collect and store. We actively identify, prevent, detect and mitigate cybersecurity threats and are positioned to effectively respond to cybersecurity incidents. Key components of our cybersecurity program include: Risk Management and Strategy We conduct regular assessments of cybersecurity risks, continuously monitor our information systems for potential vulnerabilities, and test these systems in accordance with established cybersecurity policies, processes, and practices that are integrated within our comprehensive risk management program. To safeguard our information systems against cyber threats, we employ an array of security tools designed to identify, escalate, investigate, resolve, and facilitate timely recovery from security incidents. Our approach involves evaluating cybersecurity risks based on both their likelihood and potential impact to critical business systems and operations. High-priority cybersecurity risks are incorporated into our overall risk management framework, each accompanied by a dedicated mitigation plan. Progress on these mitigation efforts is reported to the Enterprise Risk Committee, a management committee, and monitored as part of our broader risk management initiatives, which are overseen by our Board of Directors. We partner with third-party entities, including cybersecurity assessors, consultants, and other external experts, to evaluate the effectiveness of our prevention and response mechanisms, validate identified risks, and support the development and implementation of mitigation strategies as needed. Additionally, we have established due diligence procedures for third parties with whom we engage, ensuring oversight and identification of material risks arising from cybersecurity threats associated with their services, particularly those related to cybersecurity functions. To date, the Company is not aware of any cybersecurity risks-including those stemming from previous incidents-that have materially impacted, or are reasonably likely to materially impact, our business strategy, results of operations, or financial condition. For more information on our cybersecurity risks, see "Risk Factors -Risks Related to Cybersecurity, Privacy and Information Technology ". Governance Our Board of Directors provides oversight of our risk management processes, including those related to cybersecurity, both directly and through designated committees. The Audit Committee is responsible for supervising our risk management program, focusing on key risks across short-, intermediate-, and long-term horizons. Throughout the year, Audit Committee meetings address specific areas of risk, including those associated with cybersecurity threats. The Audit Committee routinely reviews our cybersecurity risk profile in collaboration with management, including the Enterprise Risk Committee, a management committee. We maintain a risk-based approach to cybersecurity, implementing comprehensive policies across our operations aimed at addressing and mitigating cybersecurity threats and incidents. The Company's Chief Information Security Officer ("CISO") oversees the establishment and ongoing maintenance of our cybersecurity program and is responsible for assessing and managing cybersecurity risks. Our current CISO brings over 25 years of experience in technology and information security, including more than 12 years in senior roles within large hospitals and healthcare organizations, and holds the requisite education, skills, experience, and industry certifications essential for this position. The CISO delivers periodic updates regarding our cybersecurity risk profile to the Audit Committee of the Board of Directors. Artificial Intelligence Artificial intelligence ("AI") has the capacity to significantly advance various sectors of work. We are actively enhancing and expanding our offerings through AI technologies, including through the use of Fabric Genomics' AI-based platform for Next Generation Sequencing analysis, which provides interpretation and clinical reporting for rare disease, hereditary risk, and cancer testing. In addition, we are exploring strategic partnerships with third parties to provide more comprehensive solutions for providers and patients. Our commitment to leveraging AI's capabilities is matched by our dedication to safeguarding patient data in compliance with relevant data privacy regulations, as outlined in the Company's AI Guidelines. For more information on potential risks related to AI, see "Risk Factors - We use artificial intelligence in our business, and challenges with properly managing its use could result in reputational harm, competitive harm, and legal liability, and adversely affect our results of operations. "

Company Information