We are highly dependent on information technology networks and systems, including the internet, to securely process, transmit, and store this critical information. Security breaches of this infrastructure, including physical or electronic break-ins, computer viruses, attacks by hackers and similar breaches, and employee or contractor error, negligence or malfeasance, can create system disruptions, shutdowns, or unauthorized disclosure or modifications of information, causing sensitive, confidential or proprietary information to be accessed or acquired without authorization, or to become publicly available. We utilize third-party service providers for important aspects of the collection, storage, transmission, and verification of customer information and other confidential, and sensitive information, and therefore rely on third parties to manage functions that have material cybersecurity risks. Because of the nature of the sensitive, confidential, and proprietary information that we and our service providers collect, store, transmit, and otherwise process, the security of our technology platform and other aspects of our services, including those provided or facilitated by our third-party service providers, are important to our operations and business strategy. We take certain administrative, physical, and technological safeguards to address these risks, such as requiring outsourcing subcontractors who handle customer, user, and patient information for us to enter into agreements that contractually obligate those subcontractors to use reasonable efforts to safeguard sensitive, confidential, and proprietary information. Measures taken to protect our systems, those of our third-party service providers, or sensitive, confidential, and proprietary information that we or our third-party service providers process or maintain, may not adequately protect us from the risks associated with the collection, storage, and transmission of such information. Although we take steps to help protect sensitive, confidential, and proprietary information from unauthorized access or disclosure, our information technology and infrastructure may be vulnerable to attacks by hackers or viruses, failures or breaches due to third-party action, employee negligence or error, malfeasance, or other disruptions.
A security breach or privacy violation that leads to disclosure or unauthorized use or modification of, or that prevents access to or otherwise impacts the confidentiality, security, or integrity of, sensitive, confidential, or proprietary information we or our third-party service providers maintain or otherwise process, could harm our reputation, compel us to comply with breach notification laws, and cause us to incur significant costs for remediation, fines, penalties, notification to individuals and governmental authorities, implementation of measures intended to repair or replace systems or technology, and to prevent future occurrences, potential increases in insurance premiums, and forensic security audits or investigations. As a result, a security breach or privacy violation could result in increased costs or loss of revenue. If we are unable to prevent such security breaches or privacy violations or implement satisfactory remedial measures, or if it is perceived that we have been unable to do so, our operations could be disrupted, we may be unable to provide access to our platform, and could suffer a loss of customers or providers or a decrease in the use of our platform, and we may suffer loss of reputation, adverse impacts on customer, provider, and partner confidence, financial loss, governmental investigations or other actions, regulatory or contractual penalties, and other claims and liability. In addition, security breaches and other inappropriate access to, or acquisition or processing of, information can be difficult to detect, and any delay in identifying such incidents or in providing any notification of such incidents may lead to increased harm.
Any such breach or interruption of our systems or any of our third-party information technology partners, could compromise our networks or data security processes and sensitive, confidential, or proprietary information could be inaccessible or could be accessed by unauthorized parties, publicly disclosed, lost, or stolen. Any such interruption in access, improper access, disclosure or other loss of such information could result in legal claims or proceedings, liability under laws and regulations that protect the privacy of customer information or other personal information, such as the California Consumer Privacy Act or the General Data Protection Regulation, and regulatory penalties. Unauthorized access, loss or dissemination could also disrupt our operations, including our ability to perform operate our platform and perform our services, provide customer assistance services, conduct research and development activities, collect, process, and prepare company financial information, provide information about our current and future offerings, and engage in other user and clinician education and outreach efforts. Any such breach could also result in the compromise of our trade secrets and other proprietary information, which could adversely affect our business and competitive position. While we maintain insurance covering certain security and privacy damages and claim expenses, we may not carry insurance or maintain
35