Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - CCRN
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
Item 1A. Risk Factors.
We acknowledge the evolving nature of cyber threats to our business and industry. The Board oversees management’s processes for identifying and mitigating cybersecurity risks to help align our risk exposure with our strategic objectives. To that end, cybersecurity risk management is integrated into the Company's overall enterprise risk management function. The Company utilizes a combination of processes and systems designed to assess, monitor, and respond to organizational cybersecurity risks in an effective manner across our operations. The cybersecurity risk management program includes regular assessments, providing a holistic view of our risk posture; this contributes to the ongoing improvement of our process, cybersecurity program, and security position.
The VP of Security reports regularly to the CIO and the Security and Privacy Steering Committee. Further, the CIO provides regular reports to the Audit Committee and to the full Board. Reports include updates on our cyber risks and threats, projects to strengthen our information security systems, assessments of the information security program, and the emerging threat landscape.
Notwithstanding the extensive approach we take to cybersecurity, we may not be successful in preventing or mitigating a cybersecurity incident that could have a material adverse effect on the Company. While we maintain cybersecurity insurance, the costs related to cybersecurity threats or disruptions may not be fully insured. See Item 1A. “Risk Factors” for a discussion of cybersecurity risks.
The following risk factors could materially and adversely affect our future operating results and could cause actual results to differ materially from those predicted in the forward-looking statements we make about our business. Our risks are identified primarily through dialogue with our leaders, including a formal Enterprise Risk assessment, industry trends, our experience, and consideration of the current external market and financial environment. These risk factors are considered in our overall strategy and execution of operations. Factors we currently consider immaterial and factors we currently do not know may also materially adversely affect our business or our consolidated results, financial condition, or cash flows.
Business, Economic, and Industry Risks
Our operations and financial results may be affected by pandemics, epidemics, or other public health crises.
During a pandemic, epidemic, or other public health crisis, certain of our healthcare professionals may be exposed to disease, diagnosed with an illness and/or quarantined as a result of illness. Healthcare workers can become burned out from the emotional and physical stress of a prolonged pandemic, which may result in shortage of supply if core staff members leave their jobs. If, as a result of such risks, our healthcare professionals do not want to, or are not able to provide services, it could negatively impact our supply and ability to provide staffing services to our customers. In addition, census at healthcare facilities continues to vary for many reasons. All of these effects can result in reduced demand for our services or the cancellation of our healthcare professionals working at those facilities or under contract to provide services at those facilities in the future. These effects may also create specific demand in certain specialties and in specific regions of the country.
The financial impact to our healthcare customers from any pandemic, epidemic, outbreak of an infectious disease or other public health crisis may also impact their ability to pay for our services timely or altogether, including invoices for services provided prior to such an event that were in process. Such a failure to pay for our services timely or altogether would have an impact on our collections, resulting in a negative financial impact on our Company.
Global economic conditions and the effect of economic pressures could lead to decreases in demand or pricing for our services, which would adversely affect the profitability of our business.
Uncertainties in global economic conditions that are beyond our control have in the past impacted our business and may in the future materially adversely affect our business, results of operations, financial condition, and stock price. These adverse economic conditions include economic downturns, inflation, recession, slow recovery or growth, new or increased tariffs and other taxes, changes to fiscal and monetary policy, higher interest rates, high unemployment, decreased consumer confidence in the economy, armed hostilities, foreign currency exchange rate fluctuations, conditions affecting the market for temporary staffing services, and other unexpected events, including public health crises.
A decrease or stagnation in the general level of in-patient admissions, out-patient services, or government reimbursements at or to our customers’ facilities could lead to decreases in demand or pricing for our services. When a hospital’s admissions increase, temporary employees or other healthcare professionals are often added before full-time employees are hired. As admissions decrease, customers typically reduce their use of temporary employees or other healthcare professionals before undertaking layoffs of their permanent employees. In periods of economic downturn or high inflation, permanent healthcare staff generally work more hours, resulting in fewer vacancies and less demand for our services. Decreases in demand or pricing for our services may also affect our ability to provide attractive assignments to our healthcare professionals. Any substantial economic downturn, including significant inflationary pressures, could have a material adverse effect on our business, financial condition, or operating results.
We may face challenges competing in the marketplace if we are unable to anticipate and quickly respond to changing marketplace conditions, such as alternative modes of healthcare delivery, reimbursement, customer needs, and capabilities.
Patient delivery settings continue to evolve, including potential changes related to AI, which may accelerate alternative modes of healthcare delivery, such as retail medicine, telemedicine, and home health. Our success is dependent upon our ability to develop innovative workforce solutions and quickly adapt to changing marketplace conditions and client needs, including making modifications to our technologies and evolving our technology platform. Our success is dependent upon our ability to develop innovative workforce solutions and quickly adapt to changing marketplace conditions and client needs, including making modifications to our technologies and evolving our technology platform, which may differentiate our services and abilities from those of our competitors. Among other things, we are currently using agentic agents to streamline work flow, and other AI automation platforms to improve our productivity and create efficiencies.
Advancements in AI and machine learning could materially disrupt traditional healthcare staffing models. Competitors – both existing and new entrants – may invest more aggressively in AI-enabled tools or develop and deploy advanced matching,
11
credentialing, scheduling, or workforce optimization technologies faster than we do. If we are unable to match or exceed the pace of innovation within our industry, our competitive position could be adversely affected.
In addition, our hospital, healthcare facility, and physician-group clients may increasingly adopt AI-based systems that automate or significantly streamline functions we have historically provided, such as candidate sourcing, skills matching, and workforce forecasting. If clients use AI tools to build or enhance their own internal staffing capabilities or otherwise reduce reliance on third-party staffing firms, demand for our services could decline. AI may also make it easier for clients to increase the productivity of their permanent staff or shift to alternative labor models, each of which could reduce the need for temporary staffing.
The markets in which we compete are highly competitive and our competitors may respond more quickly or effectively to new or emerging customer needs and technological advancements, or marketplace conditions. Uncertainty regarding or changes to federal healthcare law and the willingness of our healthcare providers to develop their own temporary staffing pools, replace core staff or to increase permanent staff productivity may, individually or in the aggregate, significantly affect demand for our services.
The development of new service lines and business models using advanced technology solutions, including but not limited to AI, requires significant ongoing investment and continuing innovation.The development of new service lines and business models using advanced technology solutions, including but not limited to AI, requires us to be at the forefront of emerging trends in the healthcare industry. Our ability to compete effectively will depend on how well we anticipate emerging trends, adapt our business model, and implement new technologies. If we fail to do so, our business, financial condition, and results of operations could be materially adversely affected.
Market disruptions or downturns may adversely affect our, or our customer’s, operating results and financial condition.
Economic conditions and volatility in the financial markets may have an adverse impact on the availability of credit to us and to our customers and businesses generally. Conditions in the credit markets and the economy generally could adversely impact our business and limit or prohibit us from refinancing our credit agreements on terms favorable to us, or at all, when they become due. To the extent that disruption in the financial markets occurs, it has the potential to materially affect our and our customers’ ability to access debt and/or equity markets to continue ongoing operations, cash, and/or pay debts as they come due. To the extent that disruption in the financial markets occurs, it has the potential to materially affect our and our customers’ ability to tap into debt and/or equity markets to continue ongoing operations, have access to cash, and/or pay debts as they come due. Although we monitor our credit risks to specific customers that we believe may present credit concerns, default risk or lack of access to liquidity may result from events or circumstances that are difficult to detect or foresee and this could have a material negative impact to our financial results.
We are subject to business and regulatory risks associated with international operations.
We maintain significant back‑office operations in India through our Cross Country Infotech, Pvt. Ltd. (Infotech) subsidiary, which provides in‑house information systems development and support services, as well as certain finance, accounting, and other administrative processing functions. The concentration of these critical functions outside the United States exposes us to risks inherent in international business operations. Any material disruption affecting our India‑based operations could adversely impact our ability to support customers, process transactions, maintain systems, or manage key business functions.
International operations are subject to numerous risks, including, but not limited to: (i) currency exchange‑rate fluctuations; (ii) changes in foreign governmental regulations and labor laws; (iii) differing political, economic, and social conditions; (iv) overlapping, inconsistent, or shifting tax rules and enforcement practices; (v) employment‑related regulations governing compensation, benefits, leave, workforce restructuring, and termination; (vi) privacy, data‑transfer, and data‑security requirements; and (vii) restrictions or disruptions arising from geopolitical tensions, civil unrest, public health crises, or infrastructure limitations.
In addition, India’s regulatory environment continues to evolve, including regulations governing data localization, cybersecurity, and technology services. Changes in these requirements, or our inability to comply with them, could require modifications to our technology infrastructure, limit our ability to process data internationally, increase costs, or subject us to penalties.
Our operations in India also expose us to potential business interruptions arising from power outages, telecommunications failures, natural disasters, political instability, pandemics, or changes in government policy affecting foreign investment or business operations. Because these India‑based functions support key processes across our enterprise, any such interruption could delay billing or collections, impair system development or support, disrupt financial reporting processes, or otherwise negatively affect our operations.
Moreover, if we are unable to effectively manage our international workforce, maintain the security and privacy of data handled abroad, or comply with applicable laws and regulations, we could incur increased operating costs, suffer operational delays,
12
face regulatory actions, or experience reputational harm. Any of these events could materially and adversely affect our business, financial condition, results of operations, or reputation.
Our financial results could be adversely impacted by the loss of key management or corporate employee turnover.
The successful execution of our business strategy and our ability to continue building on significant recent investments depend on the continued leadership and industry expertise of our senior management team and other key corporate employees.We believe the successful execution of our business strategy and our ability to build upon significant recent investments and acquisitions depends on the continued employment of key members of our management team and corporate employees. In December 2025, we underwent a transition in the role of Chief Executive Officer (CEO). Kevin Clark, our current Chairman of the Board, former CEO, and co-founder, was appointed President and CEO of the Company, effective December 15, 2025. Mr. Clark will continue to serve as the Chairman of the Board. Leadership transitions of this nature inherently present risks, including potential disruption to strategic initiatives, operational focus, organizational stability, and employee engagement. The effectiveness of our new CEO, and our ability to maintain continuity during the transition, will be important to the continued execution of our strategy.
In addition to the CEO transition, changes in other key leadership roles, whether planned or unplanned, could also create uncertainty, divert management attention, or lead to turnover among employees or customers. If we are unable to successfully manage leadership transitions or retain and attract qualified executives and corporate personnel, our operations and strategic objectives could be adversely affected. If we are unable to successfully and timely consummate the Aya Merger and/or if we are required to pay the Company Termination Fee, our business and results of operations could be materially and adversely impacted.
Furthermore, the loss of key employees or a significant number of corporate or operational staff, or our inability to recruit and retain individuals with the necessary skills and experience, could impair our ability to support the business, compete effectively, and execute on growth initiatives. Any such developments could materially and adversely affect our business, financial condition, or results of operations.
Our customers may terminate or not renew their contracts with us.
Our arrangements with hospitals, healthcare facilities, physician group, PACE, and education customers are generally terminable by the customer upon 30 to 90 days’ notice. These customers are focused on cost-saving measures and, more recently, the number of request for proposal (RFPs) appears to have increased. As a result, we may lose customers if our customers issue RFPs and choose to contract with one of our competitors instead of us. We may have fixed costs, such as housing costs, associated with terminated arrangements that we will be obligated to pay post-termination, thus negatively impacting our profitability. In addition, the loss of one or more of our large customers could materially and adversely affect our profitability.
If our healthcare facility customers increase the use of intermediary organizations, it could impact our profitability and our ability to secure contracts with customers.
We continue to see our customers use intermediary organizations and an increase in the use of side-by-side managed service providers. Intermediaries typically enter into contracts with hospitals or health systems and then subcontract with us and other agencies to provide staffing services, thus interfering to some extent in our relationship with our customers. Each of these intermediaries charges an administrative fee. In instances where we do not win new MSP opportunities or where other vendors win this MSP, a side-by-side MSP opportunity, or vendor management system (VMS) business with our current customers, the number of professionals we have on assignment at those customers and/or our spend under management could decrease. If we are unable to negotiate hourly rates with intermediaries for the services we provide to these customers that are sufficient to cover administrative fees charged by those intermediaries, it could impact our profitability. If hospitals fail to pay the intermediaries for our services or those intermediaries become insolvent or fail to pay us for our services, it could impact our bad debt expense and thus our overall profitability. We also provide comprehensive MSP and other workforce solutions directly to certain of our customers. While such contracts typically improve our market share at these facilities, they could result in less diversification of our customer base, increased liability, and reduced margins.
Our costs of providing services may rise faster than we are able to adjust our bill rates and pay rates and, as a result, our margins could decline and our profitability could be adversely impacted.
Costs of providing our services and regulatory changes to required wages could change more quickly than we are able to renegotiate bill rates in our active customer contracts and pay rates with our thousands of healthcare professionals. For example, we offer housing subsidies to some of our healthcare professionals or directly provide housing to other healthcare professionals. The cost of subsidizing housing or renting apartments and furniture for these healthcare professionals may increase faster than we are able to renegotiate our rates with our customers, and this may have a negative impact on our profitability. In addition, an increase in other incremental costs beyond our control, such as insurance, could negatively affect our financial results. The costs
13
related to obtaining and maintaining professional and general liability insurance, health insurance, and workers’ compensation insurance for healthcare providers has generally been increasing. This could have an adverse impact on our financial condition unless we are able to pass these costs through to our customers or renegotiate pay rates with our healthcare providers.
Operational Risks
We are dependent on the proper functioning of the information systems and technology applications used to operate our business, including applications hosted by third‑party vendors.
These systems support critical activities such as identifying and matching staffing resources to customer assignments, maintaining clinical and operational records, performing billing and accounts‑receivable functions, and managing our accounting and financial reporting. We are in the process of implementing a new enterprise‑wide enterprise resource planning (ERP) system intended to modernize and integrate key operational and financial processes. Large‑scale technology implementations of this nature are inherently complex and involve significant operational dependencies, data‑migration risks, and change‑management challenges.
If the ERP implementation is delayed, experiences defects or integration issues, or otherwise fails to operate as intended, we could experience business disruptions, reduced functionality of core systems, delays in billing or collections, impaired financial reporting processes, increased costs, or loss of operational efficiency. Any such issues could negatively affect our relationships with customers, PACE partners, and employees, and could result in reputational harm, increased remediation expenses, or material adverse effects on our operating results.We rely significantly on our ability to attract, develop, and retain professionals who possess the skills, experience and, as required, licensure necessary to meet the specified requirements of our customers.
More broadly, our information systems and vendor‑hosted applications are subject to risks including technological obsolescence, system failures, processing interruptions, and cyber or physical attacks. Although our systems are protected through secure hosting facilities and supported by backup and remote‑processing capabilities, they remain vulnerable to events such as power outages, telecommunications failures, natural disasters, hardware or software malfunctions, or unauthorized access. If critical systems fail or become inaccessible, we may be forced to perform key functions manually, which could impair our ability to maintain billing and clinical records reliably, bill for services efficiently, manage payroll accurately, or maintain timely and accurate accounting and financial reporting.
Company and third-party computer, technology and communications hardware and software systems are vulnerable to damage, unauthorized access, and disruption that could expose the Company to material operational, financial, and reputational damage (including the unauthorized access to, or exposure of, personal and confidential information).
The Company’s ability to manage its operations in both the U.S. and India through the use of key systems is critical to its success and largely depends upon the efficient and uninterrupted operation of its computer, technology and communications systems, some of which are provided and/or managed by third-party vendors. The Company’s primary systems (and, as a result, its operations) are vulnerable to damage or interruption from power outages, computer, technology and telecommunications failures, computer viruses, security breaches, cyber attacks, catastrophic events, and errors in usage by the Company’s or its vendors’ employees and contractors. In addition, the Company’s systems contain personal and confidential information, including information of importance to the Company, and its employees, vendors, contractors, and customers.
Cyberattacks, including attacks motivated by the desire for monetary gain, geopolitics, grievances against the business services industry in general or against the Company in particular, may disable or damage its systems or the systems of its vendors or customers, or allow unauthorized access to, or exposure of, personal or confidential information, including information about employees, vendors, candidates, contractors and customers. The Company’s security tools, controls and practices, including those relating to identity and access management, credential strength, and the security tools, controls and practices of its vendors and customers, may not prevent access, damage or disruption to Company or third-party systems or the unauthorized access to, or exposure of, personal or confidential information. There are many approaches through which such systems could be damaged or disrupted, or information exposed or accessed, including through system vulnerabilities, improperly obtaining and using user credentials, or the misuse of authorized user access.
The damage or disruption to Company or third-party systems, or unauthorized access to, or exposure of, personal or confidential information, could harm the Company’s operations, reputation and brand, resulting in a loss of business or revenue. It could also subject the Company to government sanctions, litigation from candidates, contractors, customers, and employees, and legal liability under its contracts, resulting in increased costs or loss of revenue. The Company may also incur additional expenses, such as the cost of remediating incidents or improving security measures, the cost of identifying and retaining replacement vendors, increased costs of insurance, or ransomware payments.
14
Cybersecurity threats continue to increase in frequency and sophistication, thereby increasing the difficulty of detecting and defending against them. Furthermore, the potential risk of security breaches and cyberattacks may increase as the Company introduces new service offerings. Any future events impacting the Company or its third-party vendors that damages or interrupts the Company's or its third-party vendors’ systems or exposes data or other confidential information could have a material adverse effect on our operations, reputation, and financial results.
Changes in data privacy and protection laws and regulations in respect of control of personal information (and the failure to comply with such laws and regulations) could increase the Company’s costs or otherwise adversely impact its operations, financial results, and reputation.
In the ordinary course of business, the Company collects, uses, and retains personal information from its customers, employees, employment candidates, and contractors. The possession and use of personal information in conducting the Company’s business may subject it to a variety of complex and evolving laws and regulations regarding data privacy, which, in many cases, apply not only to third-party transfers, but also to transfers of information among the Company and its subsidiaries. The possession and use of personal information in conducting the Company’s business subjects it to a variety of complex and evolving laws and regulations regarding data privacy, which, in many cases, apply not only to third-party transfers, but also to transfers of information among the Company and its subsidiaries.
For example, there has been a number of recently enacted state-level privacy regulations that assign specific rights to consumers, employees, and other data subjects, and imposes specific operational requirements for businesses that collect, process, and store personal information. Complying with these enhanced obligations, state-level privacy regulations (such as the California Consumer Privacy Act) and other current and future laws and regulations relating to data transfer, residency, privacy and protection have increased, and continue to increase the Company’s operating costs and require significant management time and attention. Complying with these enhanced obligations, state-level privacy regulations (such as the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA)) and other current and future laws and regulations relating to data transfer, residency, privacy and protection have increased, and continue to increase the Company’s operating costs and require significant management time and attention. Simultaneously, any failure by the Company or its subsidiaries to comply with applicable laws could result in governmental enforcement actions, consumer actions, fines, and other penalties that could potentially have an adverse effect on the Company’s operations, financial results and reputation.
Social, ethical, and security issues relating to the use of AI may result in reputational harm and liability.
Many of our business operations and support activities are performed by a predominantly remote workforce. Should any of these employees utilize non-approved AI, this could result in reputational harm to the Company and have an adverse effect on its operations. In addition, we may incorporate traditional and generative AI solutions into our information systems and products that may become important in our operations over time, such as agentic agents and other AI automation platforms to streamline work flow, improve our productivity, and create efficiencies. In addition, we may incorporate traditional and generative AI solutions into our information systems and products which may become important in our operations over time. The ever-increasing use and evolution of technology, including AI, creates opportunities for the potential loss or misuse of personal data that we collect or use to run our business. There is also a risk that we may not have access to the technology and qualified AI personnel resources to adequately incorporate advancements into our AI initiatives. The rapid evolution of AI, including potential government regulations, will require significant resources to develop, test and maintain our platforms to help us implement AI responsibly. This may result in significantly increased business and security costs, administrative penalties, or costs related to defending legal claims.
We may be unable to recruit and retain enough quality professionals to meet our customers’ demands.
We rely significantly on our ability to attract, develop, and retain professionals who possess the skills, experience and, as required, licensure necessary to meet the specified requirements of our customers. We compete for healthcare and other staffing personnel with other temporary staffing companies, as well as actual and potential customers such as healthcare facilities and physician groups, some of which seek to fill positions with either permanent or temporary employees. We rely on word-of-mouth referrals, as well as social and digital media, to attract qualified professionals. If our social and digital media strategy is not successful, our ability to attract qualified professionals could be negatively impacted.
In addition, with a shortage of certain qualified professionals in many areas of the United States, competition for these professionals remains intense. Our ability to recruit and retain professionals depends on our ability to, among other things, offer assignments that are attractive to professionals and offer them competitive wages and benefits or payments, as applicable. Our competitors might increase hourly wages or the value of benefits to induce professionals to take assignments with them. If we do not raise wages or increase the value of benefits in response to such increases by our competitors, we could face difficulties attracting and retaining qualified professionals. If we raise wages or increase benefits in response to our competitors’ increases, our customers and our margins could decline. At this time, we still do not have enough nurses, allied professionals, and physicians to meet all of our customers’ demands for these staffing services. A shortage of healthcare professionals generally and the competition for their services may limit our ability to increase the number of healthcare professionals that we successfully recruit, decreasing our ability to grow our business.
15
Our labor costs could be adversely affected by a shortage of experienced healthcare professionals and labor union activity.
Our operations are dependent on our ability to recruit and staff quality healthcare professionals. We compete with other staffing companies and technologies in recruiting and retaining qualified personnel. We may be required to enhance wages and benefits to our employees through mandatory minimum wage laws, which could negatively impact our profitability. Labor union activity is another factor that could adversely affect our labor costs or otherwise adversely impact us. To the extent a significant portion of our employee base unionizes, our labor costs could increase significantly.
If our labor costs increase, we may not be able to raise rates to offset these increased costs. Because a significant percentage of our revenues consists of fixed, prospective payments, our ability to pass along increased labor costs is constrained. In the event we are not entirely effective at recruiting and retaining qualified management, nurses, and other support personnel, or in controlling labor costs, this could have an adverse effect on our results of operations.
We are dependent on third parties for the execution of certain critical functions.
We have outsourced certain critical applications or business processes to external providers, including, but not limited to, background screenings of our employees. We exercise care in the selection and oversight of these providers. However, the failure or inability of one or more of these critical suppliers to perform could cause significant disruptions and increased costs to our business. In addition, we rely on third-party timekeeping systems in certain circumstances to process payroll. To the extent that these payroll systems experience a disruption or delay in reporting time worked by our healthcare professionals, we may not be able to make payroll to our healthcare workers timely. This could result in significant dissatisfaction by our healthcare workers and damage to our reputation, in addition to violations of certain laws or regulations. We have a risk mitigation plan in place in the event this were to occur, but the inability to effectively implement this plan, or its failure, could cause an adverse impact to our business and our financials.
As the use of social media platforms expands, new risks and challenges may cause damage to our brand and reputation.
In our industry, the use of social media platforms has increased due to the ability to access to a broad audience through social media websites and other internet communication. Any inappropriate or unauthorized use of certain social media vehicles by our employees, contractors, customers, or vendors could cause damage to our brand, or result in information leakage that could have legal implications, including the dissemination of personally identifiable information of customers or employees. In addition, inaccurate or negative posts or comments on social media websites could damage our reputation or brand image. In addition, inaccurate posts or comments on social media websites could damage our reputation or brand image.
Our failure to protect our reputation could have a material adverse effect on our business.
We believe that our industry reputation is critical to our success. We also believe that maintaining and enhancing our reputation directly relates to our ability to hire and retain healthcare professionals. Any negative claims or publicity about us, including through social media, may adversely impact our ability to recruit, hire, and retain qualified healthcare professionals, and may also adversely affect relationships with our customers. In this regard, failure to comply with ethical, social, product, labor, health and safety, accounting, or environmental standards could jeopardize our reputation and potentially lead to various adverse effects on our business.
Our reputation may also be impacted by our CSR and sustainability initiatives. Risks associated with these initiatives include any increased public focus, including by governmental and nongovernmental organizations, new laws and regulations, increased costs associated with sustainability efforts and/or compliance with laws and regulations. Risks associated with these initiatives include any increased public focus, including by governmental and nongovernmental organizations, new laws and regulations, increased costs associated with sustainability efforts and/or compliance with laws and regulations, as well as increased pressure to expand our CSR and sustainability disclosures in these areas, make commitments, set targets or establish additional goals, and take actions to meet such targets and goals. In addition, organizations that provide information to investors on corporate governance and related matters have developed ratings processes for evaluating companies on their approach to CSR matters. Such ratings are used by some investors to inform their investment and voting decisions. Unfavorable CSR ratings may lead to increased negative investor sentiment toward us, which could have a negative impact on the price of our securities and our access to and costs of capital. Unfavorable CSR or ESG ratings may lead to increased negative investor sentiment toward us, which could have a negative impact on the price of our securities and our access to and costs of capital.
All of the foregoing could expose us to market, operational, and execution costs or risks. Any CSR or sustainability metrics that we currently or may in the future disclose, whether based on the standards we set for ourselves or those set by others, may influence our reputation and the value of our brands.
Legal, Tax, and Regulatory Risks
The healthcare industry is highly regulated. Any material changes in the political, economic, or regulatory environment that affect the purchasing policies, practices, and operations of healthcare organizations, or that lead to consolidation in the healthcare industry, could reduce the funds available to purchase our services or otherwise require us to modify our offerings.
16
We provide our services to hospitals and health systems which pay us directly. Accordingly, Medicare, Medicaid, and insurance reimbursement policy changes generally do not directly impact us. However, indirectly, our business, financial condition, and results of operations depend upon conditions affecting the healthcare industry generally, and hospitals and health systems particularly. The healthcare industry is highly regulated by federal and state authorities and is subject to changing political, economic, and regulatory influences. Factors such as changes in reimbursement policies for healthcare expenses, consolidation in the healthcare industry, regulation, litigation, and general economic conditions could affect the purchasing practices, operations and financial health of our customers, which could have a negative impact on our business. In addition, application and interpretation of laws sometimes change and those changes may spark regulatory inquiries or investigations as a result, for which we may not be insured and which could adversely affect our business and financial condition. Insurance companies and managed care organizations also seek to control costs by requiring healthcare providers, such as hospitals, to discount their services in exchange for exclusive or preferred participation in their benefit plans. While not affecting us directly, future federal and state legislation or evolving commercial reimbursement trends may further reduce or change conditions for our customers’ reimbursement. Such limitations on reimbursement could reduce our customers’ cash flows, hampering the prices we can charge customers, and reducing their ability to pay us. Reimbursement changes in government programs, particularly Medicare and Medicaid, can and do indirectly affect the demand and the prices paid for our services. The impact of any legislation to repeal, amend, or replace the Affordable Care Act could also adversely affect our business and financial condition.
We operate our business in a regulated industry and modifications, inaccurate interpretations, or violations of any applicable statutory or regulatory requirements may result in material costs or penalties, as well as litigation, and could reduce our revenue and earnings per share.
Our industry is subject to numerous and complex federal, state, local, and international laws and regulations, including those relating to the: licensure of professionals; medical malpractice and associated indemnity obligations; wage and hour requirements; employment taxes; arbitration agreements; income tax withholdings; expense reimbursements; wage transparency mandates; and general business operations, including tax compliance. Failure to comply with applicable laws or regulations may result in civil or criminal penalties, government investigations, litigation, or other adverse actions.
Although we maintain insurance for employment-related and other claims, such coverage may not cover all claims, may require us to pay significant self-insured retentions, or may not remain available at reasonable cost. If coverage is insufficient, unavailable, or subject to limitations, we could be required to pay substantial liabilities directly. Any of these outcomes could materially and adversely affect our business, financial condition, results of operations, and earnings per share
More specifically, our caregiver services to PACE programs (home-base staffing) business supports PACE programs in several states. Many states have not adopted licensure requirements or regulatory frameworks specific to our home-based staffing business model. However, existing statutes in certain jurisdictions could be interpreted to require licensure of our home-based staffing operations. If regulators adopt interpretations that differ from our own, we could be found to be out of compliance, which may result in reputational harm, financial penalties, operational disruption, or the need to modify our business model.
In 2024, following an investigation, the California Department of Social Services (CDSS) determined that we were not required to register as a home care organization. Despite no change in applicable regulations or in our business model, CDSS conducted additional investigations in November 2025 and early 2026 that resulted in our receipt of a Notice of Violation of Law (NOVL) alleging that our operations require licensure. We appealed the NOVL, which was denied in February 2026. While we filed a second appeal and an application for licensure, an adverse outcome would require us to obtain licensure and result in additional costs, among other things, to register our caregivers with the State of California, and could result in the loss of caregivers, require us to restructure elements of our operations, or limit the services we provide in California. Other states may take similar positions or revisit prior regulatory interpretations. Any such developments could impose material costs, create operational uncertainty, or negatively affect our ability to serve PACE programs or other clients and we are not insured for this risk.
We are subject to various litigation, claims, investigations, and other proceedings which could result in substantial judgments, settlement costs, or uninsured liabilities.
We are party to various litigation, claims, investigations, and other proceedings. These matters primarily relate to employee-related matters that include individual and collective claims, professional liability, tax, and payroll and/or related practices. We evaluate these litigation claims and legal proceedings to assess the likelihood of unfavorable outcomes and to estimate, if possible, the amount of potential losses. Additionally, as a result of the economy and changes to the law, increased collective bargaining actions, healthcare professionals no longer being able to secure the same level of income as they did during the COVID-19 pandemic, and other factors, the number of litigation claims have increased in both volume and financial recovery. Based on assessments and estimates, if any, we establish reserves and/or disclose the relevant litigation claims or legal proceedings, as appropriate. These assessments are performed at least quarterly and are based on the information available to management at the time and involve a significant amount of management judgment. Based on the new information considered in our reviews, we adjust our disclosures and our loss contingency accruals, which may increase as a result of increased
17
litigation claims. We may not have sufficient insurance to cover these risks. Actual outcomes or losses may differ materially from those estimated by our current assessments, which would impact our profitability. Adverse developments in existing litigation claims or legal proceedings involving our Company or new claims could require us to establish or increase litigation reserves or enter into unfavorable settlements or satisfy judgments for monetary damages for amounts in excess of current reserves, which could adversely affect our financial results.
In recent years, healthcare providers and the Company have become subject to or brought an increasing number of legal actions alleging, among other things, malpractice, vicarious liability, violation of certain consumer protection acts, negligent hiring, negligent credentialing, discrimination, wage and hour, or related legal theories. We may be subject to liability in such cases even if our Company’s contribution to the alleged injury was minimal or related to one of our subcontractors or its employees. Many of these actions, including class actions, involve large claims and significant defense costs. In addition, we may be subject to claims related to torts or crimes committed by our corporate employees or healthcare professionals that we place on assignment. In most instances, we are required to indemnify customers against some or all of these risks, and, at times, liabilities attributable to our subcontractors and their personnel, and the law may consider the Company and its customers to be joint employers, adding further complexities to litigation. A failure of any of our corporate employees, healthcare professionals, or subcontracted personnel to observe our policies and guidelines, relevant customer policies and guidelines, or applicable federal, state, or local laws, rules, and regulations could result in negative publicity, payment of fines, or other damages to us.
To protect ourselves from the cost of these types of claims, we maintain professional malpractice liability insurance, employment practices liability insurance, and general liability insurance coverage with terms and in amounts with deductibles that we believe are appropriate for our operations, although we do not maintain insurance coverage for wage and hour claims or for liabilities of our subcontractors or their personnel. We are partially self-insured for our workers’ compensation coverage, health insurance coverage, and professional liability coverage for our healthcare providers. If we become subject to substantial uninsured workers’ compensation, wage and hour claims, medical coverage, or medical malpractice liabilities, whether directly or indirectly, our financial results may be adversely affected. In addition, our insurance coverage may not cover all claims against us or continue to be available to us at a reasonable cost. If we are unable to pay our self-insured retention portion, pay any uninsured portion, or maintain adequate insurance coverage, we may be exposed to substantial liabilities.
If applicable government regulations change, we may face increased costs that reduce our revenue and profitability.
The temporary healthcare staffing industry is regulated in many states. For example, in some states, firms such as our nurse staffing companies must be registered to establish and advertise as a nurse-staffing agency or must qualify for an exemption from registration in those states. Several states have adopted wage transparency or equity laws that have complex reporting requirements. If we were to lose any required state licenses, we could be required to cease operating in those states. The introduction of new regulatory provisions could also substantially raise the costs associated with hiring temporary employees. For example, some states could impose sales taxes or increase sales tax rates on temporary healthcare staffing services. These increased costs may not be able to be passed on to customers. In addition, if government regulations were implemented that limited the amount we could charge for our services, our profitability could be adversely affected. We continuously monitor changes in regulations and legislation for potential impacts on our business.
We could suffer adverse tax and other financial consequences if taxing authorities do not agree with our tax positions, if there are further legislative tax changes, or if we are unable to utilize our net operating losses (NOLs).
We are periodically subject to a number of tax examinations by taxing authorities in the states and countries where we do business. We also have deferred tax assets related to our NOLs in federal and state taxing jurisdictions, which, generally carry forward for up to twenty years or indefinitely, depending on the year the NOL was generated. We also have deferred tax assets related to our NOLs in state taxing jurisdictions, which, generally, for state tax purposes, carry forward for up to twenty years or indefinitely, depending on the year the NOL was generated. Tax years generally remain subject to examination until three years after NOLs are used or expire. We expect that we will continue to be subject to tax examinations in the future. We recognize tax benefits of uncertain tax positions when we believe the positions are more likely than not of being sustained upon a challenge by the relevant tax authority. We believe our judgments in this area are reasonable and correct, but there is no guarantee that we will be successful if challenged by a taxing authority. If there are tax benefits, including, but not limited to, the use of NOLs, expense reimbursements, or other tax attributes, that are challenged successfully by a taxing authority, we may be required to pay additional taxes, interest, and penalties, or we may seek to enter into settlements with the taxing authorities, which could require significant payments or otherwise have a material adverse effect on our business, results of operations, and financial condition.
In addition, federal, state and local, as well as international, tax laws and regulations are extremely complex and subject to varying interpretations. On March 27, 2020, President Biden signed the Coronavirus Aid, Relief, and Economic Security (CARES) Act into law, which was extended under the Taxpayer Certainty and Disaster Relief Act of 2020 passed on December 27, 2020. Further, on March 11, 2021, President Biden signed the American Rescue Plan Act of 2021 (ARPA). On March 27, 2020, former President Biden signed the Coronavirus Aid, Relief, and Economic Security (CARES) Act into law, which was extended under the Taxpayer Certainty and Disaster Relief Act of 2020 passed on December 27, 2020. Further, on March 11, 2021, President Biden signed the American Rescue Plan Act of 2021 (ARPA). On July 4,
18
2025, President Trump signed the One, Big, Beautiful Bill Act into legislation. We are not aware of any provision in the CARES Act, ARPA, or any other pending tax legislation that would have a material adverse impact on the Company's financial performance. There can be no assurance that the CARES Act, ARPA, the Tax Cuts and Jobs Act of 2017 (2017 Tax Act), or any other legislative changes will not negatively impact our operating results, financial condition, and future business operations. There can be no assurance that the CARES Act, ARPA, the Tax Cuts and Jobs Act of 172017, or any other legislative changes will not negatively impact our operating results, financial condition, and future business operations.
We may be limited in our ability to utilize our remaining state NOLs to offset future taxable income and thereby reduce our otherwise payable income taxes. Our ability to utilize NOLs is also dependent, in part, upon us having sufficient future earnings to utilize our state NOLs before they expire. Our ability to utilize our NOLs is also dependent, in part, upon us having sufficient future earnings to utilize our state NOLs before they expire. If market conditions change materially and we determine that we will be unable to generate sufficient taxable income in the future to utilize state NOLs, we could be required to record additional valuation allowances. We review the valuation allowances for state NOLs periodically and make adjustments from time to time, which can result in an increase or decrease to the net deferred tax asset related to our state NOLs. We review the valuation allowances for our state NOLs periodically and make adjustments from time to time, which can result in an increase or decrease to the net deferred tax asset related to our state NOLs. If we are unable to use state NOLs or use of state NOLs is limited, we may have to make significant payments or reduce our deferred tax assets, which could have a material adverse effect on our business, results of operations, and financial condition. If we are unable to use our state NOLs or use of our state NOLs is limited, we may have to make significant payments or reduce our deferred tax assets, which could have a material adverse effect on our business, results of operations, and financial condition.
If certain of our healthcare professionals are reclassified from independent contractors to employees, our profitability could be materially adversely impacted.
Federal or state taxing authorities could re-classify our locum tenens physicians, CRNAs, nurse practitioners, and other independent contractors as employees, despite both the general industry standard to treat them as independent contractors and many state laws prohibiting non-physician owned companies from employing physicians (e.g., the “corporate practice of medicine”). Other than in California and Illinois, where advanced practitioners are required to be classified as W-2 employees by law, if they were re-classified as employees, we would be subject to, among other things, employment and payroll-related tax claims, as well as any applicable penalties and interest. Any such reclassification would have a material adverse impact on our business model for that business segment and would negatively impact our profitability.
If the method for paying locum tenens physicians changes, it could negatively impact our profitability.
The Medicare Access and CHIP Reauthorization Act of 2015 created a certain framework for rewarding physicians for providing higher quality care by establishing two tracks of payment: a merit-based incentive payment system and Advanced Alternative Payment Models. If hospitals change the method for paying locum tenens physicians to meet their performance goals or other criteria for Medicaid or Medicare reimbursements, the profitability of our business could be adversely impacted.
Risks Relating to Our Indebtedness
We could have a level of indebtedness which may have an adverse effect on our business or limit our ability to take advantage of business, strategic, or financing opportunities.
As of December 31, 2025, we had no borrowings under our Asset-Based Loan Agreement (ABL). A change in our level of indebtedness could have important negative consequences including: (i) increased demands on our cash resources to service the debt; (ii) our financial and operating flexibility may be restricted due to debt covenants to which we are subject, and our ability to generate profitability and maintain cash flow from operations could impact our compliance with these covenants; and (iii) we may choose to institute self-imposed limits on our indebtedness based on certain considerations including market interest rates, our relative leverage, and our strategic plans. For example, as a result of our level of indebtedness and the uncertainties arising in the credit markets and the U.S. economy:
- we may be more vulnerable to general adverse economic and industry conditions;
- we may have to pay higher interest rates upon refinancing or on our variable rate indebtedness if interest rates rise, thereby reducing our cash flows;
- we may find it more difficult to obtain additional financing to fund future working capital, capital expenditures, acquisitions, and other general corporate requirements that would be in our long-term interests;
- we may be required to dedicate a substantial portion of our cash flow from operations to the payment of principal and interest on our debt, reducing the available cash flow to fund other investments;
- we may have limited flexibility in planning for, or reacting to, changes in our business or in the industry;
- we may have a competitive disadvantage relative to other companies in our industry that are less leveraged;
19
- we may be required to sell debt or equity securities or sell some of our core assets, possibly on unfavorable terms, in order to meet payment obligations; and
- we may not be able to successfully raise capital to execute our mergers and acquisitions strategy.
These constraints could have a material adverse effect on our business.
We could fail to generate sufficient cash to fund our liquidity needs and/or fail to satisfy the financial and other covenants to which we are subject under our existing indebtedness, which could adversely affect long term growth and results of operations.
We currently have sufficient liquidity to operate our business in the normal course. If, however, we were to close an acquisition or enter into a similar type of transaction, our liquidity needs may exceed our current capacity. Our credit facility currently contains an occurrence-based financial covenant that may be triggered if we fall below a certain level of excess availability, requiring us to operate above a minimum fixed charge coverage ratio. Additionally, our borrowing capacity is based on trade receivables and we could have a loss in availability due to market or other financial conditions affecting our customers and their ability to pay according to terms, resulting in ineligible receivables (to borrow against). Deterioration in our operating results could result in our inability to comply with this covenant and would result in a default under our credit facility. If an event of default exists, our lenders could call the indebtedness and we may be unable to renegotiate or secure other financing.
General Business Risks
We continually evaluate opportunities to acquire companies or enter into other strategic transactions which may involve significant cash expenditures and expose us to unforeseen liabilities and/or integration challenges.
We continually evaluate opportunities to acquire companies or enter into other strategic transactions.We continually evaluate opportunities to acquire companies that would complement or enhance our business. These transaction opportunities involve numerous risks and uncertainties, including, but not limited to, those related to our ability to successfully consummate a transaction and realize the expected benefits related thereto. If we pursue a strategic transaction that we are ultimately unable to complete, our business, results of operations, and financial condition could be adversely impacted. For example, as previously disclosed, on December 3, 2024, we entered into the Aya Merger Agreement, which, subject to certain closing conditions, provided for the acquisition of the Company by Parent. On December 3, 2025, we received a notice of termination of the Aya Merger Agreement from Parent. While Parent paid us a termination fee of $20.0 million as a result of the termination of the Aya Merger Agreement, we incurred substantial transaction costs in connection with the Aya Merger.
Additionally, we have in the past and may in the future acquire companies that we believe would complement or enhance our business. Acquiring a company may result in the loss of our key employees or customers or those of the acquired company; integration challenges including integrating acquired personnel and distinct cultures into our business; integrating the acquired company into our operating, financial planning, and financial reporting systems; diversion of management attention from existing operations; and assumptions of liabilities and exposure to unforeseen liabilities of the acquired company, including liabilities for their failure to comply with healthcare and tax regulations. These acquisition opportunities involve numerous risks, including potential loss of key employees or customers of acquired companies; difficulties integrating acquired personnel and distinct cultures into our business; difficulties integrating acquired companies into our operating, financial planning, and financial reporting systems; diversion of management attention from existing operations; and assumptions of liabilities and exposure to unforeseen liabilities of acquired companies, including liabilities for their failure to comply with healthcare and tax regulations. These acquisitions may also involve significant cash expenditures, debt incurrence and integration expenses that could have a material adverse effect on our financial condition and results of operations. Any acquisition may ultimately have a negative impact on our business and financial condition.
Notwithstanding the due diligence investigation we perform in connection with acquisitions, the acquired business may have liabilities, losses, or other exposures for which we do not have adequate insurance coverage, indemnification, or other protection.
While we perform significant due diligence prior to signing purchase agreements, we are dependent on the accuracy and completeness of statements and disclosures made or actions taken by the sellers and their representatives when conducting due diligence and evaluating the results of such due diligence. We do not control and may be unaware of activities of the sellers before the acquisition, including intellectual property disputes and other litigation or disputes, information security vulnerabilities, violations of laws, policies, rules, and regulations, commercial disputes, tax liabilities, and other liabilities.
The sellers’ obligations to indemnify us is limited to, among others, breaches of specified representations and warranties and covenants included in the purchase agreement and other specific indemnities as set forth in the purchase agreement. In the event of a breach of a representation or warranty, other than a core representation (as defined in the purchase agreement), sellers’ obligation to indemnify us may be limited to the time frame in which the loss arises and the amount of the loss. If any issues arise post-closing, we may not be entitled to, or be able to, collect sufficient, or any, indemnification or recourse from the sellers, which could have a material adverse impact on our business and results of operations.
20
Losses caused by natural disasters, such as hurricanes and fires, or other unexpected events, could cause us to suffer material financial losses.
Catastrophes can be caused by various events, including, but not limited to, hurricanes, fires, and other severe weather. The incidence and severity of catastrophes are inherently unpredictable. With our headquarters, shared services, and many of our remote workers located in South Florida, we are more vulnerable to possible disruptions from hurricanes and the impacts resulting therefrom, such as tornadoes, flooding, fuel shortages, and disruption of internet and telecommunications services. We also have a significant amount of business and employees in California, which is vulnerable to wildfires and earthquakes. Over time, these conditions could result in increases in our operating costs or business interruptions. The extent of losses from a catastrophe is a function of both the total amount of insured exposure and the severity of the event. We do not maintain business interruption insurance for these events. We could suffer material financial losses as a result of disruptions from hurricanes, fires, or other catastrophes, including unexpected events.
Locations operated by our vendors may also be subject to natural disasters or other extreme weather conditions. To the extent any of these events occur, our operations and financial results could be adversely affected.
Due to inherent limitations, our system of disclosure and internal controls and procedures may not be successful in preventing all errors and fraud, or in making all material information known in a timely manner to management.
A control system, no matter how well designed and operated, can provide only reasonable, not absolute, assurance that the objectives of the control system are met. A control system, no matter how well designed and operated, can provide only reasonable, not absolute, assurance that the objectives of the control system are met. Because of the inherent limitations in all control systems, no evaluation of controls can provide absolute assurance that all control issues and instances of fraud, if any, within our Company have been detected. These inherent limitations include the realities that judgments in decision-making can be faulty, and that breakdowns can occur because of a simple error or mistake. Additionally, controls can be circumvented by the acts of an individual, by collusion of two or more people, or by management override of the control.
The design of any system of controls also is based in part upon certain assumptions about the likelihood of future events, and any design may not succeed in achieving its stated goals under all potential future conditions; over time, a control may become inadequate because of changes in conditions, or the degree of compliance with the policies or procedures may deteriorate. Because of the inherent limitations, misstatements due to error or fraud may occur and not be detected.
Impairment in the value of our goodwill, trade names, or other intangible assets could negatively impact our net income and earnings per share.
We are required to test goodwill and intangible assets with indefinite lives (such as trade names) annually, to determine if impairment has occurred. Long-lived assets and other identifiable intangible assets are also reviewed for impairment whenever events or changes in circumstances indicate that amounts may not be recoverable. If the testing performed indicates that impairment has occurred, we are required to record an impairment charge for the difference between the carrying amount of the goodwill or other intangible assets and the implied fair value of the goodwill or the fair value of the indefinite-lived intangible asset in the period the determination is made. The testing of goodwill and other intangible assets for impairment requires us to make significant estimates about our future performance and cash flows, as well as other assumptions. These estimates can be affected by numerous factors, including changes in economic, industry, or market conditions, changes in business operations, changes in competition, or changes in our stock price and market capitalization. Changes in these factors, or changes in actual performance compared with estimates of our future performance, could affect the fair value of goodwill, trade names, or other intangible assets, which may result in an impairment charge. In the fourth quarter of 2025, we recorded non‑cash goodwill impairment charges, triggered by the fourth quarter decline in the Company's equity market capitalization. Following these charges, the remaining goodwill balances for each reporting unit reflect management’s best estimate of fair value based on current market conditions and expectations for future performance. We cannot accurately predict the amount and timing of any future impairment of assets. Should the value of goodwill or other intangible assets become impaired, there could be an adverse effect on us.
21
If provisions in our corporate documents and Delaware law delay or prevent a change in control, we may be unable to consummate a transaction that our stockholders consider favorable.
Our certificate of incorporation and by-laws may discourage, delay, or prevent a merger or acquisition involving us that our stockholders may consider favorable. For example, our certificate of incorporation authorizes our Board to issue up to 10,000,000 shares of “blank check” preferred stock. For example, our certificate of incorporation authorizes our Board of Directors to issue up to 10,000,000 shares of “blank check” preferred stock. Without stockholder approval, the Board has the authority to attach special rights, including voting and dividend rights, to this preferred stock. Without stockholder approval, the Board of Directors has the authority to attach special rights, including voting and dividend rights, to this preferred stock. With these rights, preferred stockholders could make it more difficult for a third party to acquire us. Delaware law may also discourage, delay, or prevent someone from acquiring or merging with us.
Item 1B.21Item 1B. Unresolved Staff Comments.
None.
Item 1C. Cybersecurity
A.Governance
Understanding the importance of cybersecurity, the Board maintains oversight of the cybersecurity risks and threats within the organization. Specifically, the Board has delegated authority to the Audit Committee to oversee risk management relating to cybersecurity. The Audit Committee is composed of members with various expertise including risk management, technology, and finance.
The Company’s information security program is managed by a dedicated Vice President (VP) of Security Compliance and Risk Management (VP of Security), whose team is responsible for leading enterprise-wide cybersecurity strategy, policy, standards, architecture, and processes, and who reports directly to the Chief Information Officer (CIO).
The Company’s Security and Privacy Steering Committee meets on a regular basis and provides oversight of our security and privacy programs inclusive of defining the security strategy, reviewing risks and risk management strategies, and program performance. The committee is chaired by the VP of Security and comprises a broad selection of Senior Management leaders within the organization. This facilitates enterprise-wide collaboration in aligning cybersecurity objectives with organizational goals.
B. Key Program Components
Standards Based Program
We use our best efforts to align our cybersecurity risk management with industry best practices, including processes to prevent, identify, assess, treat, monitor, and report on organizational risks. We design and assess our program utilizing tools such as the National Institute of Standards and Technology Cybersecurity Framework. This does not imply that we meet any particular technical standards, specifications, or requirements, only that we use these tools as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. This covers Company owned and managed systems and technologies, along with those supplied to the organization by third parties.
22
Evolving Threats
The program utilizes various resources, inclusive of third-party partners, to support an awareness and understanding of evolving cybersecurity threats, allowing the organization to be actively engaged in understanding and staying abreast of risks, and thereby supporting informed decision-making.
Incident Response
Our strategy includes a formal Incident Response Plan, designed to help the organization prepare for, respond to, and recover from confirmed or suspected cybersecurity or privacy incidents. Further, it evaluates and validates the effectiveness of our incident response capabilities, and allows for improvements as needed.
Data Privacy
During the course of normal business operations, the Company collects, stores, and processes personal data. Being cognizant of the importance of protecting personal data and respecting the rights of individuals to have control over their personal information, the organization implements a data privacy program designed to comply with U.S. data privacy regulations and incorporates data privacy into its risk management program.
Training and Education
Our enterprise-wide awareness and training program is utilized to mitigate risks by educating users on their role in combating security breaches, following good security practices, and maintaining awareness of security risks associated with their actions. This program includes mandatory and optional activities inclusive of online training, presentations, newsletters, blog posts, and simulation exercises.
Use of Third Parties
Being cognizant of the complexity and dynamic nature of cybersecurity threats, the Company engages the services of various third-party experts, inclusive of managed security service providers, application and infrastructure cybersecurity assessors, consultants, and advisors. These engagements allow for the supplementing of our internal capabilities with specialized knowledge and expertise in the execution of cybersecurity strategic functions.
Third-Party Risks
Given that risks associated with third parties can adversely impact an organization’s overall security and risk posture, the Company implements a third-party risk management program to assess the security posture of third-party service providers. This includes security assessments prior to service engagement and ongoing monitoring.
Benchmarking
The Company understands that the effective management of cybersecurity risks requires continuous assessment and improvement. Security benchmarking is a critical component to assess how well our security investments and processes compare with internal and external standards and objectives.
C. Management’s Role and Expertise
Primary responsibility for assessing, monitoring, and managing the Company’s cybersecurity risks rests with the VP of Security, who has nearly two decades of dedicated experience in the field of cybersecurity across multiple industries, and a Ph.D. in Information Systems. Their background includes extensive experience in cybersecurity program development, leadership, and risk management, which is instrumental in the execution of our cybersecurity strategies. Some specific responsibilities include overseeing our governance and compliance, risk management (identification, assessments, and treatment), and security and privacy awareness programs.
More broadly, the Company's CIO possesses a wealth of information technology expertise and has served in various technology leadership roles across multiple industries.The Company's CIO possesses a wealth of information technology expertise and has served in various technology leadership roles across multiple industries. The office of the CIO is responsible for all technology systems, services, and solutions. The cybersecurity function reports directly into the office of the CIO.
23
Recently Filed
Click on a ticker to see risk factors
| Ticker * | File Date |
|---|---|
| RBB | 45 minutes ago |
| TETEF | 50 minutes ago |
| CHGG | 53 minutes ago |
| SABS | an hour ago |
| TREE | an hour ago |
| CHRS | an hour ago |
| ACIC | an hour ago |
| EDIT | an hour ago |
| AMPY | an hour ago |
| GLRE | an hour ago |
| NL | an hour ago |
| FSP | an hour ago |
| OYSE | an hour ago |
| OWLT | an hour ago |
| RAIL | an hour ago |
| SVCC | an hour ago |
| HTBK | an hour ago |
| FIGX | an hour ago |
| OSUR | an hour ago |
| ACCO | an hour ago |
| NPWR | an hour ago |
| ZVRA | an hour ago |
| MYO | 2 hours ago |
| CRBP | 2 hours ago |
| RBOT | 2 hours ago |
| RPAY | 2 hours ago |
| SEPN | 2 hours ago |
| KRO | 2 hours ago |
| MGNX | 2 hours ago |
| DSGN | 2 hours ago |
| EGBN | 2 hours ago |
| FISI | 2 hours ago |
| BOX | 2 hours ago |
| CTM | 2 hours ago |
| ALXO | 2 hours ago |
| DDD | 2 hours ago |
| TIPT | 2 hours ago |
| VYGR | 2 hours ago |
| EBMT | 2 hours ago |
| BCBP | 4 hours ago |
| BETA | 8 hours ago |
| CRCL | 9 hours ago |
| DY | 9 hours ago |
| GBTG | 10 hours ago |
| SPRB | 10 hours ago |
| DNTH | 10 hours ago |
| BOLD | 11 hours ago |
| RNAC | 11 hours ago |
| CCRN | 11 hours ago |
| MASS | 12 hours ago |
