Medline Inc. 10-K Cybersecurity GRC - 2026-02-25

Page last updated on February 25, 2026

Medline Inc. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-25 16:51:27 EST.

Filings

10-K filed on 2026-02-25

Medline Inc. filed a 10-K at 2026-02-25 16:51:27 EST
Accession Number: 0002046386-26-000009

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have a dedicated cybersecurity team that works to prevent, detect, and respond to cybersecurity threats. The cybersecurity team is led by the Global Chief Information Security Officer ("CISO"). Our CISO has over 20 years of cybersecurity experience and maintains industry recognized security certifications. Our CISO receives reports on cybersecurity threats on an ongoing basis and regularly reviews risk management measures we've implemented to identify and mitigate data protection and cybersecurity risks. Our CISO works closely with our legal team to oversee compliance with legal, regulatory and contractual security requirements. As part of our enterprise risk management strategy , we identify, assess, and manage risks related to cybersecurity through policies, standards, and procedures. The cybersecurity team works to identify, assess, and manage cybersecurity risks by: (i) reviewing risks from cybersecurity threats with senior management; (ii) regularly reviewing cybersecurity risks and mitigation efforts, including with the Board of Directors and the Risk and Compliance Committee of the Board of Directors (the "Risk Committee") ; (iii) conducting periodic tabletop exercises to promote awareness and improve internal processes; (iv) implementing security measures and policies intended to identify and assist in containing and remediating cybersecurity risks, and (v) using third party cybersecurity experts as needed for reviews and testing. 55 Our cybersecurity team reviews and updates its information security strategy and creates plans based on identified enterprise risks. We engage with third parties in order to enhance, implement, assess and monitor our cybersecurity processes, controls, and posture. We maintain cybersecurity incident response, disaster recovery, and business continuity plans that guide activities such as preparing for, detecting, coordinating, investigating, containing, remediating, documenting, recovering from, and escalating applicable incidents to senior management and, where appropriate, relevant committees of the Board of Directors. We also conduct mandatory employee cybersecurity and privacy compliance awareness training. We identify and assess third-party risks associated with suppliers and service providers across a range of areas, including cybersecurity, through a third-party risk management process that incorporates, among other features, the use of risk assessments and, where appropriate, contractual requirements around cybersecurity, audit requirements, appropriate service levels, and other terms. As of the date of this Annual Report, we have not identified any risks from cybersecurity threats , including as a result of past cybersecurity incidents, have had, or we believe are reasonably likely to have, a material adverse effect on us, including our business strategy, results of operations, or financial condition. However, we, or third-party service providers we've engaged, may be subject to cybersecurity incidents, or other unauthorized access of information systems in the future. There can be no assurance that any future cybersecurity incident or unauthorized access to or breach of these information systems will not be material to our business, strategy, results of operations, or financial condition. For more information on risks to us from cybersecurity threats, see Part I, "Item 1A-Risk Factors-Risks Related to Regulation and Legal Proceedings." Governance The Risk Committee assists the Board of Directors in its oversight of our cybersecurity program. As part of its cybersecurity oversight, the Risk Committee oversees and regularly reviews our programs and processes for managing cybersecurity risks, including our framework for preventing, detecting, and addressing cybersecurity incidents and identifying emerging risks both broadly and within related industries. Our CISO routinely provides cybersecurity updates to the Risk Committee and information to the Board of Directors. We have protocols by which certain cybersecurity incidents that meet established reporting thresholds are escalated within the Company and, where appropriate, reported to the Board of Directors and Risk Committee, as well as ongoing updates regarding any such incident until it has been addressed.

Company Information