VIEMED HEALTHCARE, INC. 10-K Cybersecurity GRC - 2026-03-04

Page last updated on March 4, 2026

VIEMED HEALTHCARE, INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2026-03-04 16:50:05 EST.

Filings

10-K filed on 2026-03-04

VIEMED HEALTHCARE, INC. filed a 10-K at 2026-03-04 16:50:05 EST
Accession Number: 0001729149-26-000009

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity Risk Management and Strategy We have implemented robust processes and policies designed to assess, identify, and effectively manage material risks associated with cybersecurity threats. Our cybersecurity program is designed and evaluated based on recognized frameworks such as the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS). These frameworks guide our focus on: (i) cultivating organizational understanding to manage cybersecurity risks, (ii) implementing safeguards to protect our systems, (iii) promptly detecting cybersecurity incidents, (iv) responding effectively to incidents, and (v) ensuring a swift recovery from any cybersecurity event. Where appropriate, these processes and policies are seamlessly integrated into our overarching risk management systems. We strive to improve our information technology systems continually, and we prioritize enhancing our defenses through employee awareness training, specifically targeting areas such as phishing, malware, and other cyber risks. To reinforce our cybersecurity posture, we enlist independent consultants, third-party experts, and service providers to assist in the establishment and enhancement of our cybersecurity program. Regular tabletop exercises, conducted at least annually, test the effectiveness of our processes, with senior management actively participating. Valuable insights gained from these exercises are incorporated to refine and bolster our cybersecurity measures. Identification of critical third-party relationships that may present heightened cybersecurity risk is an integral part of our risk management program. Upon identification, we conduct thorough due diligence to manage these relationships. Our comprehensive insurance portfolio includes cybersecurity insurance to provide an additional layer of protection. For further insights into the cybersecurity risks we confront, please refer to Item 1A. Risk Factors - "We rely significantly on information technology and any failure, inadequacy, interruption or security lapse of that technology, including any cybersecurity incidents, could harm our ability to operate our business effectively". Governance The Board oversees our risk management process, including cybersecurity risks, directly and through its committees. The Corporate Governance and Nominating Committee of the Board is responsible for the oversight of cybersecurity-related risks and regularly receives quarterly reports from management on our cybersecurity threat risk management and strategy processes. The Corporate Governance and Nominating Committee reviews issues concerning our data security posture, results from third-party assessments, progress towards pre-determined risk-mitigation-related goals, incident response plans, and cybersecurity threat risks or incidents and developments, as well as the steps management has taken to respond to these risks. Our information systems management team, comprising the Chief Information Officer (CIO) and Chief Information Security Officer (CISO), collectively possesses over 50 years of extensive experience in information technology and cybersecurity. Prior to joining the Company, our CIO held information technology leadership roles, including at a publicly traded company, and our CISO held information technology and cybersecurity roles in healthcare services and healthcare technology organizations. They have collectively obtained various industry-recognized certifications, including the Certified Security Compliance Specialist, Certified Cyber Security Architect, and Certified HIPAA Professional designations. The CISO holds the position of the Information Security Officer and directs cybersecurity operations. To enhance governance and oversight, we have established a Security Oversight Committee, chaired by the Information Security Officer and joined by key stakeholders such as our CIO and General Counsel. This committee convenes regularly, typically on a semi-monthly basis, to foster alignment and cooperation on security-related issues . We have adopted a comprehensive Cybersecurity Incident Response Plan to direct our responses to cybersecurity events in a prompt, effective, and well-coordinated manner. The plan designates a primary manager for each incident and outlines the communication processes, containment strategies, eradication measures, and recovery protocols. Depending on the severity of a cybersecurity incident, senior management and the Board are promptly notified and kept informed of mitigation and remediation efforts. We have not identified any risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect our operations, business strategy, regulatory compliance, results of operations, or financial condition. Page 27

Company Information