platform and data utilizing a combination of on-site systems, managed data center systems, and cloud-based computing center systems.
We are highly dependent on information technology networks and systems, including the internet, to securely process, transmit, and store this
critical information. Security breaches of this infrastructure, including physical or electronic break-ins, computer viruses, attacks by hackers and similar breaches, and employee or contractor error,
negligence, or malfeasance, have created, and can in the future create system disruptions, shutdowns, or unauthorized disclosure or modifications of confidential information, causing member health information to be accessed or acquired without
authorization or to become publicly available. We utilize third-party service providers for important aspects of the collection, storage, and transmission of client, user, and patient information, and other confidential and sensitive information,
and therefore rely on third parties to manage functions that have material cybersecurity risks. Because of the sensitivity of the PHI, other PII, and other confidential information, we and our service providers collect, store, transmit, and
otherwise process, the security of our technology platform and other aspects of our services, including those provided or facilitated by our third-party service providers, are important to our operations and business strategy. We take certain
administrative, physical, and technological safeguards to address these risks, such as by requiring outsourcing subcontractors who handle client, and member information for us to enter into agreements that contractually obligate those subcontractors
to use reasonable efforts to safeguard PHI, other PII, and other sensitive information. Measures taken to protect our systems, those of our subcontractors, or the PHI, other PII, or other sensitive data we or our subcontractors process or maintain,
may not adequately protect us from the risks associated with the collection, storage, and transmission of such information. Although we take steps to help protect confidential and other sensitive information from unauthorized access or disclosure,
our information technology and infrastructure may be vulnerable to attacks by hackers or viruses, failures, or breaches due to third-party action, employee negligence or error, malfeasance, or other disruptions.
A security breach or privacy violation that leads to disclosure or unauthorized use or modification of, or that prevents access to or
otherwise impacts the confidentiality, security, or integrity of, member information, including PHI or other PII, or other sensitive information we or our subcontractors maintain or otherwise process, could harm our reputation, compel us to comply
with breach notification laws, cause us to incur significant costs for remediation, fines, penalties, notification to individuals and for measures intended to repair or replace systems or technology and to prevent future occurrences, potential
increases in insurance premiums, and require us to verify the accuracy of database contents, resulting in increased costs or loss of revenue. If we are unable to prevent such security breaches or privacy violations or implement satisfactory remedial
measures, or if it is perceived that we have been unable to do so, our operations could be disrupted, we may be unable to provide access to our platform, and could suffer a loss of clients or members or a decrease in the use of our platform, and we
may suffer loss of reputation, adverse impacts on client, member, and investor confidence, financial loss, governmental investigations or other actions, regulatory or contractual penalties, and other claims and liability. In addition, security
breaches and other inappropriate access to, or acquisition or processing of, information can be difficult to detect, and any delay in identifying such incidents or in providing any notification of such incidents may lead to increased harm.
Any such breach or interruption of our systems or any of our third-party information technology partners has, and in the future could,
compromise our networks or data security processes and sensitive information could be inaccessible or could be accessed by unauthorized parties, publicly disclosed, lost, or stolen. Any such interruption in access, improper access, disclosure or
other loss of information could result in legal claims or proceedings, liability under laws and regulations that protect the privacy of member information or other personal information, and regulatory penalties. Unauthorized access, loss, or
dissemination could also disrupt our operations, including our ability to perform our services, provide member assistance services, conduct development activities, collect, process, and prepare company financial information, provide information
about our current and future solutions, and engage in other education and outreach efforts. Any such breach could also result in the compromise of our trade secrets and other proprietary information, which could adversely affect our business and
competitive position. While we maintain insurance covering certain security and privacy damages
21