OneMedNet Corp 10-K Cybersecurity GRC - 2024-11-05

Page last updated on November 6, 2024

OneMedNet Corp reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-11-05 09:05:30 EST.

Filings

10-K filed on 2024-11-05

OneMedNet Corp filed a 10-K at 2024-11-05 09:05:30 EST
Accession Number: 0001493152-24-043625

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity OneMedNet manages cybersecurity and data protection through a continuously evolving framework, as described in further detail below. The framework allows us to identify, assess and mitigate the risks we face, and assists us in establishing policies and safeguards to protect our systems and the information of those we serve. Our cybersecurity program is managed by James Wang, our Chief Technology Officer. James holds a degree in computer science from the University of Hawaii at Manoa and has 19 years of development experience focused on architecture and security. In his career, he has led initiatives for companies to attain SOC2 compliance and PCI compliance for their product solutions. The Audit Committee of the Board of Directors has oversight of our cybersecurity program and is responsible for reviewing and assessing the Company’s cybersecurity and data protection policies, procedures and resource commitment, including key risk areas and mitigation strategies. As part of this process, the Audit Committee receives regular updates from the Chief Technology Officer on critical issues related to our information security risks, cybersecurity strategy, supplier risk and business continuity capabilities. The Company’s framework includes an incident management and response program that continuously monitors the Company’s information systems for vulnerabilities, threats and incidents; manages and takes action to contain incidents that occur; remediates vulnerabilities; and communicates the details of threats and incidents to management, including the Director Product Management, Head of Data, as deemed necessary or appropriate. Pursuant to the Company’s incident response plan, any incidents are to be reported by the Chief Technology Officer to the Audit Committee, appropriate government agencies and other authorities, as deemed necessary or appropriate, considering the actual or potential impact, significance and scope. The Company is not aware of any previous cybersecurity incidents or threats that are reasonably likely to materially affect its business strategy, results of operations, or financial condition. 32 We employ an array of data security technologies, processes, and methods across our infrastructure to protect systems and sensitive information from unauthorized access. OneMedNet maintains comprehensive identity and access management practices ( e.g., roles and access privileges for each user; multi-factor authentication, privileged user accounts, single sign-on, user lifecycle management) and employs a variety of security information and event management tools. We developed, maintained and utilized a global integrated information security framework to guide our practices, based on relevant industry frameworks and laws, including, but not limited to NIST, GxP, HITRUST, the ISO 27000 family, COBIT, GDPR, and HIPAA. The framework consists of policies, standards, procedures, work instructions and documentation. Information is classified into four categories to help individuals apply the right level of controls and safeguards to information, applications and systems. Our cybersecurity program focuses on all areas of our business, including cloud-based environments, data centers, devices used by employees and contractors, facilities, networks, applications, vendors, disaster recovery / business continuity and controls and safeguards enabled through business processes and tools. We continuously monitor for threats and unauthorized access. We draw on the knowledge and insight of external cybersecurity experts and vendors, and our Chief Technology Officer’s experience in building solutions that are secure and compliant with our information security framework. OneMedNet leverages an array of security services and tools to secure OneMedNet information infrastructure and protect systems and information from unauthorized access. OneMedNet’s products and solutions, including 3 rd party software and services such as hosted cloud based platforms are monitored by a healthcare cloud, security and compliance organization that provides a real-time dashboard to monitor for potential threats and vulnerabilities. Non-technical safeguards also play an important role in our cybersecurity program. We provide various training programs and tools to employees so they can avoid risky practices and help us promptly identify potential or actual issues. We also have global incident response procedures, global service tools to log incidents and issues for investigation, and an ethics line to report concerns and follow up on matters already reported. The Compliance team, led by our Chief Technology Officer, develops and implements our strategy, as well as monitors systems and devices for risks and threats.

Company Information