FONAR CORP 10-K Cybersecurity GRC - 2024-09-27

Page last updated on September 27, 2024

FONAR CORP reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-09-27 16:30:47 EDT.

Filings

10-K filed on 2024-09-27

FONAR CORP filed a 10-K at 2024-09-27 16:30:47 EDT
Accession Number: 0000355019-24-000038


Item 1C. Cybersecurity.

Risk Management and Strategy

Our Cybersecurity Risk Management Strategy includes a myriad of tools and resources that are designed to ensure the integrity of our information systems. We place a particular emphasis on protecting the privacy of our patient data pursuant to the HIPAA Security Rule. Our cybersecurity risk management process is integrated with our larger risk management system and is considered a core function of our overall risk management strategy. Our strategy is based around the identification, mitigation, avoidance and response to material cybersecurity risks.

We employ physical and electronic safeguards to control access to our systems. We employ additional electronic safeguards to control/limit access to the data contained in those systems. We review and re-assess these processes on a rolling basis with the assistance of both internal staff and outside vendors, including assessors, consultants, auditors, and other third parties. Some steps we take include the use of standard security protocols such as password maintenance, multi-factor identification, and penetration testing. We take other steps as may be situationally appropriate for the specific risk presented.

We require all of our employees to receive cybersecurity training as part of their initial onboarding process, and employees are required to complete additional training throughout the year.

We evaluate all of our vendors and third-party partners for material cybersecurity risks and take steps to mitigate risk through insurance and contractual risk transfer provisions when appropriate. Our Information Technology department works collaboratively with our third party vendors to coordinate a mutually beneficial approach to cybersecurity in the specific context in which risk is presented. These collaborations sometimes take place on a rolling basis, and sometimes take place on a semi-annual or annual basis.

At the present time, risks from cybersecurity threats have not materially affected the Company. However, cybersecurity threats have the potential to significantly impair our operations and the operations of the various third parties upon whom we rely.

Governance

The audit committee of our Board of Directors provides oversight of cybersecurity risks. It receives regular reports from management, including our General Counsel, on various cybersecurity matters during each board meeting. Such reports include information on current cybersecurity risks facing the organization, cybersecurity incidents involving our partners and/or other participants in our industry, and routine updates on the status of our internal cybersecurity risk management plan.

Our General Counsel oversees and manages our cybersecurity program. Our General Counsel acts as the coordinator of our cybersecurity team, which includes representatives from our Information Technology department and Compliance department. In addition, he regularly interacts with various department heads from both our New York and Florida regions regarding the prevention, detection, mitigation and remediation of cybersecurity risks. Our General Counsel has an educational background in computer science and has relevant work experience in cybersecurity insurance and risk management, in addition to his relevant legal experience.


Company Information

Name: FONAR CORP
CIK: 0000355019
SIC Description: Electromedical & Electrotherapeutic Apparatus
Ticker: FONR - Nasdaq
Website:
Category: Non-accelerated filer; Smaller reporting company
Fiscal Year End: June 29