Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
---|---|
Dec. 31, 2024 | |
Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Like many companies, we face significant and persistent cybersecurity risks. The small size of our organization and limited resources could exacerbate these risks. However, we are committed to maintaining governance and oversight of these risks and to implementing standard operating procedures (“SOPs”) and training to help us assess, identify, monitor and respond to these risks. Some examples of procedures implemented include an internal inventory of software and database exposures, a risk analysis of database vendors, review of vendor back-up, security and privacy measures. In addition, we have issued a Board-approved internal cybersecurity policy which will be the basis for SOPs and training. Our internal server includes a firewall and is scanned for malware several times a day and the data are backed up in the Cloud for ease of restoration as needed. Employees are trained to avoid phishing emails and our internal controls system is designed to mitigate the risk of payments of fraudulent invoices. While we have not, as of the date of this Annual Report of Form 10-K, experienced any significant cybersecurity threats that we believe is reasonably likely to result in a material adverse impact to our business strategy, results of operations or financial condition, there can be no guarantee that we will not experience a material incident in the future. Such incidents, whether successful or not, could impair our access to critical information including confidential operational and patient records and have the potential to be costly to effect remedies. See “Item 1A- Risk Factors” for more information on our cybersecurity risks. We aim to incorporate industry best practices for companies of our size and financial strength throughout our cybersecurity program. Our cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and training programs to assess, identify, and manage material cybersecurity risks. Our Board has ultimate oversight of cybersecurity risk and has established a cybersecurity committee headed by our former Chief Financial Officer who is a member of our Board. As a small organization with limited resources, we do not have a dedicated cybersecurity organization or employee personnel with specific cybersecurity expertise. Our former Chief Financial Officer was chosen to head our cybersecurity committee due to more generalized management experience with financial and operating systems and previous experience with oversight of third-party providers. Our management team and our Board regularly review our cybersecurity program which generally occurs at least annually, or more frequently as determined to be necessary or advisable. |
Cybersecurity Risk Management Processes Integrated [Flag] | true |
Cybersecurity Risk Management Third Party Engaged [Flag] | false |
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | false |
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | Like many companies, we face significant and persistent cybersecurity risks. The small size of our organization and limited resources could exacerbate these risks. However, we are committed to maintaining governance and oversight of these risks and to implementing standard operating procedures (“SOPs”) and training to help us assess, identify, monitor and respond to these risks. Some examples of procedures implemented include an internal inventory of software and database exposures, a risk analysis of database vendors, review of vendor back-up, security and privacy measures. In addition, we have issued a Board-approved internal cybersecurity policy which will be the basis for SOPs and training. Our internal server includes a firewall and is scanned for malware several times a day and the data are backed up in the Cloud for ease of restoration as needed. Employees are trained to avoid phishing emails and our internal controls system is designed to mitigate the risk of payments of fraudulent invoices. While we have not, as of the date of this Annual Report of Form 10-K, experienced any significant cybersecurity threats that we believe is reasonably likely to result in a material adverse impact to our business strategy, results of operations or financial condition, there can be no guarantee that we will not experience a material incident in the future. Such incidents, whether successful or not, could impair our access to critical information including confidential operational and patient records and have the potential to be costly to effect remedies. See “Item 1A- Risk Factors” for more information on our cybersecurity risks. |
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | We aim to incorporate industry best practices for companies of our size and financial strength throughout our cybersecurity program. Our cybersecurity strategy focuses on implementing effective and efficient controls, technologies, and training programs to assess, identify, and manage material cybersecurity risks. Our Board has ultimate oversight of cybersecurity risk and has established a cybersecurity committee headed by our former Chief Financial Officer who is a member of our Board. As a small organization with limited resources, we do not have a dedicated cybersecurity organization or employee personnel with specific cybersecurity expertise. Our former Chief Financial Officer was chosen to head our cybersecurity committee due to more generalized management experience with financial and operating systems and previous experience with oversight of third-party providers. Our management team and our Board regularly review our cybersecurity program which generally occurs at least annually, or more frequently as determined to be necessary or advisable. |
Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |