SBC Medical Group Holdings Inc 10-K Cybersecurity GRC - 2025-03-28

Page last updated on March 28, 2025

SBC Medical Group Holdings Inc reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2025-03-28 09:12:26 EDT.

Filings

10-K filed on 2025-03-28

SBC Medical Group Holdings Inc filed a 10-K at 2025-03-28 09:12:26 EDT
Accession Number: 0001641172-25-001062

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity. The Company prioritizes the security of its information systems and data integrity . We have developed a cybersecurity strategy to manage and mitigate potential cybersecurity risks. Our strategy is designed to safeguard our systems and data. Cybersecurity Risk Management and Strategy The Company’s Information Systems Department is in charge of network construction and cybersecurity management. If a system failure, serious accident, or sign of such an accident is detected, the Information Systems Department reports to the CEO and other executives, who then consider countermeasures. The following are considered important cybersecurity issues, and countermeasures are being implemented.: ● Malware infection: There is a risk of losing sales due to information leaks or system downtime caused by unauthorized access due to malware infection. We are protecting against this by introducing email training and detection products. ● Vulnerability: There is a risk of loss of corporate trust and sales opportunities due to system downtime or information leaks caused by the exploitation of vulnerabilities in servers, etc. We are conducting vulnerability assessments for services that are open to the public, and will continue to expand the scope of these assessments in the future. ● Ransomware: If the system is infected with ransomware, there is a risk of data being encrypted, resulting in business stoppages and information leaks. We have prepared multiple backup mechanisms and recovery procedures in case of damage. ● Information leaks: If data is taken from databases or other sources due to unauthorized access or internal crime, the Company’s credibility will be lost, resulting in a loss of profits or the occurrence of compensation for damages. ● Denial of Service (DOS) attacks: There is a risk that a DOS attack could bring down our website and make it impossible to make appointments at clinics, which would have a negative impact on sales. For this reason, we have introduced a WAF to prevent malicious access and DOS attacks. ● Applying patches and upgrading: There is a risk that not applying patches and upgrades could leave the system vulnerable to attacks, allowing unauthorized access. We are taking measures by regularly updating the operating system and applying patches. Governance and Oversight There is currently no director specializing in cybersecurity. Important cybersecurity matters are reported to the board of directors, and implementations are carried out based on the Company’s organizational chart, with the approval and oversight of the board of directors, CEO, and/or other executive officers, as applicable. 100 Employee Training and Awareness Cybersecurity threats are monitored and prevented by the head of the Information Systems Department, and the training plan is reported to the CEO and other executives, who implement the following: ● We are planning to conduct annual training for the entire company on cybersecurity response. ● We are conducting recovery simulation training in the event of a system failure. ● We are conducting email training that simulates malicious attacks. Third-Party Service Providers To operate our business, we utilize certain third-party service providers to perform a variety of functions. We intend to use the same outsourcing partners as much as possible for consistency. We are planning to establish selection and management policies in the future.

Company Information