MASIMO CORP 10-K Cybersecurity GRC - 2026-02-26

Page last updated on February 27, 2026

MASIMO CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-02-26 18:20:15 EST.

Company Summary

Masimo Corporation, a medical technology company, develops, manufactures, and markets noninvasive patient monitoring products.

Filings

10-K filed on 2026-02-26

MASIMO CORP filed a 10-K at 2026-02-26 18:20:15 EST
Accession Number: 0000937556-26-000017

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

ITEM 1C. CYBERSECURITY Risk Management & Strategy Cybersecurity is integral to our risk management approach. We are reliant on information technology, and any interruption, failure, or security breach-including cybersecurity incidents-could adversely impact our operations and business continuity. To address these risks, we maintain a comprehensive, risk-based cybersecurity program focused on protecting sensitive data and systems. Our approach includes: - Layered Security (defense-in-Depth) : Implementing multiple levels of controls to safeguard against cyber threats. - Employee Awareness : Delivering mandatory cybersecurity training, conducting phishing simulations, and fostering a culture of vigilance. - Proactive Monitoring and Testing : Leveraging real-time monitoring, regular vulnerability assessments, and external audits to continuously evaluate and enhance defenses. - Preparedness : Maintaining and testing business continuity and disaster recovery plans with scenarios such as simulated cyberattacks. For more information on risks related to cybersecurity and data security, see Item 1A. "Risk Factors - Risks Related to Our Regulatory Environment" and "Risk Factors - General Risk Factors". On April 27, 2025, we identified unauthorized activity on our on-premise network. As a result of this incident, certain of our manufacturing facilities temporarily operated at less than normal levels, and our ability to process, fulfill, and ship customer orders timely was temporarily impacted. We have completed restoration of our affected systems and continue to monitor our environment. We have implemented additional security measures and continue to evaluate and enhance our cybersecurity policies, procedures, and controls. We continue to evaluate and refine our cybersecurity practices to help mitigate the risk of similar incidents in the future. Key Elements of Our Cybersecurity Program Our cybersecurity program emphasizes: - Threat Awareness and Risk Identification : Engaging with industry groups and third-party experts to stay ahead of emerging threats. - Employee Training : Conducting annual training and phishing simulations to reinforce best practices. - Advanced Safeguards : Deploying comprehensive technical measures, including firewalls, intrusion detection systems, penetration tests, anti-malware, encryption, and access controls to secure our systems and data. - Vendor Management : Requiring contractual data protection safeguards and screening vendors for compliance during onboarding. - Incident Response : Maintaining up-to-date response and recovery plans, validated through regular tabletop exercises. - Compliance Standards : Adhering to recognized standards such as HITRUST, NIST CSF, ISO 27001, and PCI DSS. - Insurance : Partnering with leading insurers to maintain cyber liability coverage. Governance Our Audit Committee oversees our cybersecurity program and its alignment with overall risk management. This includes monitoring cybersecurity, data privacy and IT risks. Leadership of our cybersecurity efforts is provided by our VP, Cybersecurity & Infrastructure, a seasoned expert with over a decade of experience . This role ensures continuous program improvement and alignments with evolving threats and standards. Our executive team, including our Chief Financial Officer and Chief Information Officer, receive regular briefings on: - Cybersecurity trends and evolving threats; - Program effectiveness and risk mitigation strategies; and - Updates to regulatory and legal requirements related to data security and privacy. These briefings ensure cybersecurity considerations are integrated into strategic decisions, resource allocation, and risk mitigation planning. In accordance with our incident response plan, any material cybersecurity incidents are promptly reported to the Audit Committee to maintain transparency and oversight.

Company Information