Healthcare Realty Trust Inc 10-K Cybersecurity GRC - 2024-02-16

Page last updated on July 16, 2024

Healthcare Realty Trust Inc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-02-16 06:34:31 EST.

Filings

10-K filed on 2024-02-16

Healthcare Realty Trust Inc filed a 10-K at 2024-02-16 06:34:31 EST
Accession Number: 0001360604-24-000026

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity The Company annually reviews its overall risk profile with the Audit Committee and full Board of Directors. Assessing, identifying and managing material risks from cybersecurity threats are integrated into the Company’s overall risk management processes. The Audit Committee of the Company’s Board of Directors has oversight in the management of risks associated with cybersecurity. The Audit Committee is briefed regularly on cybersecurity matters, including meeting with the Company’s Chief Technology Officer at least annually and receiving a memorandum quarterly regarding cybersecurity. In addition, the Audit Committee discusses cybersecurity with other members of management and the internal audit staff at each quarterly meeting. The Audit Committee reports to the full Board of Directors quarterly regarding cybersecurity. Management of the Company plays an integral role in assessing and managing risks from cybersecurity threats. The Company has a dedicated technology services department, led by the Company’s Chief Technology Officer. The Company also has an in-house internal audit staff that is involved in risk management of cybersecurity threats. The Company solicits input from key employees regarding the overall risk environment, including cybersecurity threats. The Company requires all employees to complete cybersecurity training semi-annually and periodically facilitates penetration tests on the Company’s systems. The Company’s Chief Technology Officer reports to the Executive Vice President - Operations. In addition, as discussed in more detail below, any cybersecurity incident is reported to the Company’s legal department. While the 21 Company’s Executive Vice President - Operations and the members of its legal department do not have a technology services background, we believe that the Company’s Chief Technology Officer and technology services team possess the requisite background and experience to effectively manage the Company’s cybersecurity needs. The Company also engages with third parties on an as-needed basis to advise and assist in managing cybersecurity risks. When the Company utilizes third-party services that include web-based platforms or data collection stored on third-party servers, it reviews the service provider’s SOC1 attestation reports on internal controls and inquires regarding controls and procedures utilized by such third parties with respect to cybersecurity of the Company’s data. The Company has in place a cybersecurity incident response plan. Procedures for addressing cybersecurity incidents include reporting incidents up to senior management, including the Company’s legal department for analysis. If a cybersecurity incident were determined to be material, the Company’s disclosure committee would address appropriate public disclosures. As noted above, management regularly reports to the Audit Committee regarding the current cyber threat environment and the controls and procedures meant to address such risks. If a cybersecurity incident were determined to be material, the Audit Committee would be informed promptly. The Company carries cyber risk insurance, but there can be no assurance that losses from a cybersecurity incident would not exceed the insurance coverage. The Company is subject to risks associated with cybersecurity threats. Although the Company has not experienced a cybersecurity incident that materially affected or, to the Company’s knowledge, is reasonably likely to materially affect the Company, including its business strategy, results of operations or financial condition , the Company has, from time to time, experienced threats to and breaches of its data and systems . The Company faces risks associated with security breaches through cyber attacks, cyber intrusions, or otherwise, as well as other significant disruptions of its information technology networks and related systems. These risks are described in more detail under Item 1A. Risk Factors.


Company Information

NameHealthcare Realty Trust Inc
CIK0001360604
SIC DescriptionReal Estate Investment Trusts
TickerHR - NYSE
Website
CategoryLarge accelerated filer
Fiscal Year EndDecember 30