The global data protection landscape is rapidly evolving, and we may be affected by or subject to new, amended or existing laws and regulations in the future, including as our operations continue to expand or if we operate in non-U.S. jurisdictions. Several non-U.S. jurisdictions, including the European Union, or EU, its member states, the United Kingdom, Japan and Australia, among others, have adopted legislation and regulations that increase or change the requirements governing the collection, use, disclosure and transfer of the personal information of individuals in these jurisdictions. Additionally, certain countries have passed or are considering passing laws that require local data residency and/or restrict the international transfer of data and/or impose data localization requirements with respect to certain personal information. These laws have the potential to increase costs of compliance, risks of noncompliance and penalties for noncompliance.
Efforts to ensure that our business arrangements with third parties will comply with applicable healthcare laws and regulations will involve substantial costs. If our operations are found to be in violation of any of these laws or any other governmental regulations that may apply to us, we may be subject to significant civil, criminal and administrative penalties, damages, disgorgement, fines, imprisonment, exclusion from government funded healthcare programs, such as Medicare and Medicaid, additional oversight and reporting obligations, contractual damages, reputational harm, diminished profits and future earnings, and the curtailment or restructuring of our operations. If any of the physicians or other healthcare providers or entities with whom we expect to do business is found not to be in compliance with applicable laws, that person or entity may be subject to significant criminal, civil or administrative sanctions, including exclusions from government funded healthcare programs.
We depend on our information technology systems and those of our third-party collaborators, service providers, contractors or consultants. Our internal computer systems, or those of our third-party collaborators, service providers, contractors or consultants, may fail or suffer security breaches, disruptions, or incidents, which could result in a material disruption of our development programs or loss of data or compromise the privacy, security, integrity or confidentiality of sensitive information related to our business and could harm our reputation, business, financial condition or results of operations.
In the ordinary course of our business, we collect, store and transmit large amounts of confidential information, including intellectual property, proprietary business information and personal information. Our internal technology systems and infrastructure, and those of our current or future third-party collaborators, service providers, contractors and consultants are vulnerable to damage from computer viruses, unauthorized access or use resulting from malware, natural disasters, terrorism, war and telecommunication and electrical failures, denial-of-service attacks, cyber-attacks or cyber-intrusions over the Internet, hacking, phishing and other social engineering attacks, persons inside our organizations (including employees or contractors), loss or theft, or persons with access to systems inside our organization. Attacks on information technology systems are increasing in their frequency, levels of persistence, sophistication and intensity, and they are being conducted by increasingly sophisticated and organized non-U.S. governments, groups and individuals with a wide range of motives and expertise. For example, in June 2020, a coordinated cyber security attack targeted Australian government entities and companies. In addition to extracting or accessing sensitive information, such attacks could include the deployment of harmful malware, ransomware, denial-of-service attacks, social engineering and other means to affect service reliability and threaten the security, confidentiality, integrity and availability of information. The prevalent use of mobile devices that access sensitive information also increases the risk of data security incidents which could lead to such sensitive information (which may include confidential information, other intellectual property or personal information) being subject to unauthorized access or otherwise compromised. While to our knowledge we have not experienced any material system failure, accident or security breach to date, if such an event were to occur and cause interruptions in our operations or the operations of third-party collaborators, service providers, contractors and consultants, it could result in a material disruption of our development programs and significant reputational, financial, legal, regulatory, business or operational harm. The costs to us to mitigate, investigate and respond to potential security incidents, breaches, disruptions, network security problems, bugs, viruses, worms, malicious software programs and security vulnerabilities could be significant, and while we have implemented security measures to protect our data security and information
41