Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10-K reports, allowing investors to quickly identify new potential risks and opportunities.

Risk Factors - DGX


Item 1A. Risk Factors

You should carefully consider all of the information set forth in this Report, including the following risk factors, before deciding to invest in any of our securities. The risks below are not the only ones that we face. Additional risks not presently known to us, or that we presently deem immaterial, may also negatively impact us. Our business, consolidated financial condition, revenues, results of operations, profitability, cash flows or reputation, or the price of our common stock, could be materially impacted by any of these factors.
This Report also includes forward-looking statements that involve risks or uncertainties. Our results could differ materially from those anticipated in these forward-looking statements as a result of certain factors, including the risks we face described below and elsewhere. See “Cautionary Factors that May Affect Future Results.”




RISKS RELATED TO OUR BUSINESS

The U.S. healthcare system continues to evolve, and medical laboratory testing market fundamentals are changing, and our business could be adversely impacted if we fail to adapt.

The U.S. healthcare system continues to evolve. Significant change is taking place in the healthcare system, including as discussed above under the heading "The Clinical Testing Industry." For example, value-based reimbursement is increasing (e.g., UnitedHealthcare's Preferred Lab Network) and CMS has set goals for value-based reimbursement to be achieved by 2030. Patients are encouraged to take increased interest in and responsibility for, and often are bearing increased responsibility for payment for, their healthcare. Healthcare industry participants are evolving and consolidating. Healthcare services increasingly are being provided by non-traditional providers (e.g., physician assistants), in non-traditional venues (e.g., retail medical clinics, urgent care centers) and using new technologies (e.g., telemedicine, digital pathology). Utilization of the healthcare system is being influenced by several factors and may result in a decline in the demand for diagnostic information services. In addition, we believe that clinical testing market fundamentals are changing. The regulatory environment related to reimbursement rates for clinical laboratory tests under Medicare is in flux and we also believe that health plans and consumers increasingly are focusing on driving better value in laboratory testing services.

In addition, the diagnostic information services industry is faced with potential changes in government regulations that could impact patient access to healthcare. We expect that the evolution of the healthcare industry will continue, and that industry change is likely to be extensive.

The clinical testing business is highly competitive, and if we fail to provide an appropriately priced level of service or otherwise fail to compete effectively it could have a material adverse effect on our revenues and profitability.

The clinical testing business remains a fragmented and highly competitive industry. We primarily compete with three types of clinical testing providers: other commercial clinical laboratories, including smaller regional and local commercial clinical laboratories and specialized advanced laboratories, hospital-affiliated laboratories and physician-office laboratories. We also compete with other providers, including anatomic pathology practices, large physician group practices and providers of consumer-initiated testing. Hospitals and companies that directly or indirectly employ or manage physicians also present a competitive threat to our business. Hospitals generally maintain on-site laboratories to perform testing on their patients (inpatient or outpatient). In addition, many hospitals compete with commercial clinical laboratories for outreach (non-hospital patients) testing. Hospitals may seek to leverage their relationships with community clinicians and encourage the clinicians to send their outreach testing to the hospital's laboratory. As a result of this affiliation between hospitals and community clinicians, we compete against hospital-affiliated laboratories primarily based on quality and scope of service as well as pricing. There has been a trend of hospitals acquiring physician practices, increasing the percentage of physician practices owned by hospitals. Increased hospital ownership of physician practices may enhance clinician ties to hospital-affiliated laboratories, even encouraging or requiring the practices they own to refer testing to the hospital's laboratory, strengthening their competitive position further. The formation of ACOs and their approach to contracts with healthcare providers also may increase competition to provide diagnostic information services. In addition, new players have recently started to provide clinical lab testing services (e.g., employers; government agencies).

The diagnostic information services industry also is faced with changing technology and new product introductions. Competitors may compete using advanced technology, including technology that enables more convenient or cost-effective testing (e.g., technology enabled by AI). Digital pathology is an example of this. Competitors also may compete on the basis of new service offerings. Competitors also may offer new testing services that can be performed outside of a commercial clinical laboratory, such as point-of-care testing that can be administered by physicians in their offices, complex testing that can be performed by hospitals in their own laboratories, and home testing that can be carried out without requiring the services of providers like us.

Government payers, such as Medicare and Medicaid, have taken steps to reduce the utilization and reimbursement of healthcare services, including clinical testing services.

We face efforts by government payers to reduce utilization of and reimbursement for diagnostic information services. One example of this is increased use of prior authorization requirements. We expect efforts to reduce reimbursements, to impose more stringent cost controls and to reduce utilization of clinical test services will continue.



Pursuant to PAMA, reimbursement rates for many clinical laboratory tests provided under Medicare were reduced during 2018 - 2020. Unfortunately, by relying on laboratory reported data alone in 2017, CMS did not receive comprehensive and representative data needed to set Medicare rates that reflected the commercial market, as required under PAMA. Independent laboratories were overrepresented, and hospitals and physician office laboratories were underrepresented, making the first round of PAMA cuts excessive. The first three years of cuts greatly exceeded the original 10-year savings projections. Starting in 2020, Congress has repeatedly acted to delay PAMA implementation by delaying the next round of data reporting (2020-2026) and Medicare cuts (2021-2026). However, the structural flaws of PAMA still need to be addressed to mitigate future excessive cuts. Congress introduced legislation in 2025, the Results Act, which would reform PAMA and create a true market-based CLFS.

In addition, CMS has adopted policies limiting or excluding coverage for clinical tests that we perform. We also provide physician services that are reimbursed by Medicare under a physician fee schedule, which is subject to adjustment on an annual basis. Medicaid reimbursement varies by state and is subject to administrative and billing requirements and budget pressures.

In addition, over the last several years, the federal government has expanded its contracts with private health insurance plans for Medicare beneficiaries, called “Medicare Advantage” programs, and has encouraged such beneficiaries to switch from the traditional programs to the private programs. There has been growth of health insurance plans offering Medicare Advantage programs, and of beneficiary enrollment in these programs. States have mandated that Medicaid beneficiaries enroll in private managed care arrangements. In addition, state budget pressures have encouraged states to consider several courses of action that may impact our business, such as delaying payments, reducing reimbursement, restricting coverage eligibility, denying claims and service coverage restrictions. Further, CMS has set goals for value-based reimbursement to be achieved by 2030.

Reimbursement for Medicare services also is subject to annual reduction under the Budget Control Act of 2011, and the Statutory Pay-As-You-Go Act of 2010.

Other steps taken to reduce utilization and reimbursement include requirements to obtain diagnosis codes to obtain payment, increased documentation requirements, limiting the allowable number of tests or ordering frequency, expanded prior authorization programs and otherwise increasing payment denials.

Steps to reduce utilization and reimbursement also discourage innovation and access to innovative solutions that we may offer.

Health plans and other third parties have taken steps to reduce the utilization and reimbursement of health services, including clinical testing services.

We face efforts by non-governmental third-party payers, including health plans, to reduce utilization of and reimbursement for clinical testing services. Examples include increased use of prior authorization requirements and increased denial of coverage for services. There is increased market activity regarding alternative payment models, including bundled payment models. We expect continuing efforts by third-party payers, including in their rules, practices and policies, to reduce reimbursements, to impose more stringent cost controls and to reduce utilization of clinical testing services. ACOs and hospitals also may undertake efforts to reduce utilization of, or reimbursement for, diagnostic information services.

The healthcare industry has experienced a trend of consolidation among health insurance plans, resulting in fewer but larger insurance plans with significant bargaining power to negotiate fee arrangements with us and other clinical testing providers. The increased consolidation among health plans also has increased pricing transparency, insurer bargaining power and the potential adverse impact of ceasing to be a contracted provider with an insurer. Health plans, and independent physician associations, may demand that clinical testing providers accept discounted fee structures or assume all or a portion of the financial risk associated with providing testing services to their members through capitated payment arrangements. Some health plans also are reviewing test coding, evaluating coverage decisions, requiring additional documentation for claims payment and requiring preauthorization of certain testing. There are also an increasing number of patients enrolling in consumer driven products and high deductible plans that involve greater patient cost-sharing.

Other steps taken to reduce utilization and reimbursement include requirements to obtain diagnosis codes (which can be inconsistent between health plans and government payers) to obtain payment, increased documentation requirements, limiting the allowable number of tests or ordering frequency, expanded prior authorization programs and otherwise increasing payment denials.

Steps to reduce utilization and reimbursement also discourage innovation and access to innovative solutions that we may offer.

Failure to develop, acquire licenses for, introduce, or commercialize new tests, technology and services could negatively impact our testing volume, revenues and profitability.

The diagnostic information services industry is faced with changing technology and regulation and new product introductions. Other companies or individuals, including our competitors, may obtain patents or other property rights that would prevent, limit or interfere with our ability to develop, perform or sell our solutions or operate our business or increase our costs. In addition, our competitors or other companies could introduce new tests, technologies or services that may result in a decrease in the demand for our services or cause us to reduce the prices of our services. Our success in continuing to introduce new solutions, technology and services will depend, in part, on our ability to develop or license new and improved technologies on favorable terms. We may be unable to develop, introduce or commercialize new solutions or services. Other companies or individuals, including our competitors, may obtain patents or other property rights on tests or processes that we may be performing, that could prevent, limit or interfere with our ability to develop, perform or sell our tests or operate our business. We also may be unable to continue to negotiate acceptable licensing arrangements, and licensing arrangements that we do enter into may not yield commercially successful clinical tests. If we are unable to license these testing methods at competitive rates, commercialize newly licensed tests or technologies, or obtain appropriate coverage or reimbursement for such tests, our research and development and other costs may increase as a result. In addition, if we are unable to develop and introduce, or license, new solutions, technology and services to expand our advanced testing capabilities, our services may become outdated when compared with our competition.

Failure to establish, and perform to, appropriate quality standards, or to assure that the appropriate standard of quality is observed in the performance of our diagnostic information services, could adversely affect the results of our operations and adversely impact our reputation.

The provision of diagnostic information services involves certain inherent risks. The services that we provide are intended to provide information in providing patient care. Therefore, users of our services may have a greater sensitivity to errors than the users of services or products that are intended for other purposes.

Claims of injury or other adverse events can result from the provision of our services. We may be sued under medical liability or other liability laws for alleged acts or omissions by our pathologists, laboratory personnel and hospital employees who are under our supervision. We are subject to the attendant risk of substantial damages awards and risk to our reputation.


RISKS RELATED TO CHANGE IN PUBLIC POLICY
AND THE REGULATORY AND LEGAL ENVIRONMENT

Significant changes or developments in U.S. laws or policies, including changes in U.S. healthcare regulation, may have a material adverse effect on our business.

The political environment impacting healthcare regulation in the United States continues to be uncertain. The services that we offer and our results of operations could be adversely affected by legislative, enforcement, regulatory and public policy changes at the federal or state level, many of which we cannot anticipate at this time. There continue to be pressures on and uncertainty surrounding the U.S. federal government’s budget, and potential changes in budgetary priorities, which could adversely affect the funding for individual programs, including Medicare and other government programs upon which our business depends. Additionally, changes in legislation and regulations (including those related to taxation, trade and importation), economic and monetary policies, geopolitical matters, among other potential impacts, could adversely impact the global economy and our operating results. The potential impact of any new policies or changes to existing policies that have been or may be implemented is currently uncertain.



We are subject to numerous legal and regulatory requirements governing our activities, and we may face substantial fines and penalties, and our business activities may be impacted, if we fail to comply.

Our business is subject to or impacted by extensive and frequently changing laws and regulations in the United States (including at both the federal and state levels) and the other jurisdictions where we engage in business, including Canada and Europe. While we seek to conduct our business in compliance with all applicable laws, many of the laws and regulations applicable to us are vague or indefinite and have not been extensively interpreted by the courts, including, among other things, many of those relating to:

billing and reimbursement of clinical testing;
certification or licensure of clinical laboratories;
the anti-self-referral and anti-kickback laws and regulations;
the laws and regulations administered by the FDA;
the laws and regulations administered by foreign governments where we conduct clinical trials and operate outside of the United States;
the corporate practice of medicine;
operational, personnel and quality requirements intended to ensure that clinical testing services are accurate, reliable and timely;
physician fee splitting;
relationships with physicians and hospitals;
marketing to consumers;
protection and privacy of patient data and other personal information;
use of AI;
safety and health of laboratory employees; and
handling, transportation and disposal of medical specimens, infectious and hazardous waste and radioactive materials.

These laws and regulations may be interpreted or applied by a governmental, prosecutorial, regulatory or judicial authority in a manner that could require us to make changes in our operations, including our pricing and/or billing practices. We may not be able to maintain, renew or secure required permits, licenses or any other regulatory approvals needed to operate our business or commercialize our services. If we fail to comply with applicable laws and regulations, or if we fail to comply with settlement obligations, or if we fail to maintain, renew or obtain necessary permits, licenses and approvals, we could suffer civil and criminal penalties, fines, exclusion from participation in governmental healthcare programs and the loss of various licenses, certificates and authorizations necessary to operate our business, as well as incur additional liabilities from third-party claims. If any of the foregoing were to occur, our reputation could be damaged and important business relationships with third parties could be adversely affected.

We regularly receive requests for information, and occasionally subpoenas, from governmental authorities. We also are subject from time to time to qui tam claims brought by former employees or other “whistleblowers.” The federal and state governments continue aggressive enforcement efforts against perceived healthcare fraud. Legislative provisions relating to healthcare fraud and abuse provide government enforcement personnel substantial funding, powers, penalties and remedies to pursue suspected cases of fraud and abuse. In addition, the government has substantial leverage in negotiating settlements since the amount of potential damages far exceeds the rates at which we are reimbursed for our services, and the government has the remedy of excluding a non-compliant provider from participation in the Medicare and Medicaid programs. Regardless of merit or eventual outcome, these types of investigations and related litigation can result in:

diversion of management time and attention;
expenditure of large amounts of cash on legal fees, costs and payment of damages;
increases to our administrative, billing or other operating costs;
limitations on our ability to continue some of our operations;
enforcement actions, fines and penalties or the assertion of private litigation claims and damages;
decreases to the amount of reimbursement related to diagnostic information services performed;
adverse effects to important business relationships with third parties;
decreased demand for our services; and/or
injury to our reputation.



Changes in applicable laws and regulations may result in existing practices becoming more restricted, or subject our existing or proposed services to additional costs, delay, modification or withdrawal. Such changes also could require us to modify our business objectives.

Our business and operations could be adversely impacted by the FDA's approach to regulation.

The FDA has regulatory responsibility over, among other areas, instruments, software, test systems, collection kits, reagents and other devices used by clinical laboratories to perform diagnostic testing in the United States. The FDA also regulates drugs-of-abuse testing for employers and insurers, testing for blood bank purposes and testing of donors of human cells for purposes such as in vitro fertilization. We offer companion and complementary diagnostic tests to pharmaceutical companies that are regulated by the FDA.

In May 2024, the FDA announced it was phasing out its general enforcement discretion approach so that LDTs manufactured by a laboratory would generally fall under the same enforcement approach as medical devices. However, in March 2025, a U.S. District Court set aside and vacated the FDA’s LDT rule and the FDA did not appeal the court’s decision. Accordingly, the FDA does not have the authority to regulate LDTs. However, it is the purview of Congress to enact new laws or amendments to CLIA or the Food, Drug and Cosmetic Act. If this were to occur, any new legislation could have a significant impact on us and the clinical laboratory testing industry. This new legislation could include the regulation of LDTs in a manner that is different than the prior LDT rule, while creating new avenues of opportunity and competition in clinical laboratory testing. New competitors may enter the industry, and competition may come in new forms.

For more information, see above under the heading “Regulation.”

Failure to accurately bill for our services, or to comply with applicable laws relating to billing government healthcare programs, could have a material adverse effect on our business.

Billing for diagnostic information services is complex and subject to extensive and non-uniform rules and administrative requirements. Depending on the billing arrangement and applicable law, we bill various payers, such as patients, insurance companies, Medicare, Medicaid, clinicians, hospitals and employer groups. The majority of billing and related operations for our Company are being provided by a third party under the Company's oversight. Failure to accurately bill for our services could have a material adverse effect on our business. In addition, failure to comply with applicable laws relating to billing government healthcare programs may result in various consequences, including civil and criminal fines and penalties, exclusion from participation in governmental healthcare programs and the loss of various licenses, certificates and authorizations necessary to operate our business, as well as incur additional liabilities from third-party claims. Certain violations of these laws may also provide the basis for a civil remedy under the federal False Claims Act, including fines and damages of up to three times the amount claimed.
The qui tam provisions of the federal False Claims Act and similar provisions in certain state false claims acts allow private individuals to bring lawsuits against healthcare companies, like us, on behalf of government payers, private payers and/or patients alleging inappropriate billing practices.

Although we believe that we are in compliance, in all material respects, with applicable billing-related laws and regulations, there can be no assurance that a regulatory agency or tribunal would not reach a different conclusion. The federal or state government may bring claims based on our current practices, which we believe are lawful. The federal and state governments have substantial leverage in negotiating settlements since the amount of potential damages and fines far exceeds the rates at which we are reimbursed, and the government has the remedy of excluding a non-compliant provider from participation in the Medicare and Medicaid programs. We believe that federal and state governments continue aggressive enforcement efforts against perceived healthcare fraud. Legislative provisions relating to healthcare fraud and abuse provide government enforcement personnel with substantial funding, powers, penalties and remedies to pursue suspected cases of fraud and abuse.

We are subject to numerous political (including geopolitical), legal, operational and other risks as a result of our international operations which could impact our business in many ways.

Our international operations (including in Canada) increase our exposure to risks inherent in doing business in non-U.S. markets, which may vary by market and include: intellectual property legal protections and remedies; weak legal systems which may, among other things, affect our ability to enforce contractual rights; trade regulations and procedures and actions affecting approval, production, pricing, supply, reimbursement and marketing of products and services; existing and emerging data privacy regulations affecting the processing and transfer of personal data; new regulations relating to the use of AI; and challenges based on differing languages, cultures and unfamiliar practices. Tariffs, sanctions and other barriers imposed or threatened by the U.S. government, and the responses to those actions from other countries, may result in adverse impacts to the global economic environment, including the global financial and trading markets, which could have a negative impact on our results of operations and financial condition. These actions could also negatively impact our supply chain costs or availability of products we need to operate our business. The ongoing uncertainty with the current state of global trade policy magnifies these risks.

Our international operations also require us to devote management resources to implement our controls and systems in new markets, and to comply with the U.S. Foreign Corrupt Practices Act and similar anti-corruption laws in non-U.S. jurisdictions.

We may be unable to obtain, maintain or enforce our intellectual property rights and may be subject to intellectual property litigation that could adversely impact our business.

We may be unable to obtain or maintain adequate patent or other proprietary rights for our solutions or services or to successfully enforce our proprietary rights. In addition, we may be subject to intellectual property litigation, and we may be found to infringe on the proprietary rights of others, which could force us to do one or more of the following:

cease developing, performing or selling solutions or services that incorporate the challenged intellectual property;
obtain and pay for licenses from the holder of the infringed intellectual property right;
redesign or re-engineer our tests;
change our business processes; or
pay substantial damages, court costs and attorneys' fees, including potentially increased damages for any infringement held to be willful.

Adverse results in material litigation could have an adverse financial impact and an adverse impact on our client base and reputation.

We are involved in various legal proceedings arising in the ordinary course of business including, among other things, disputes as to intellectual property, professional liability and employee-related matters, as well as inquiries from governmental authorities and Medicare or Medicaid carriers. Some proceedings against us involve claims that are substantial in amount and could divert management's attention from operations. These proceedings also may result in substantial monetary damages and reputational harm.

RISKS RELATED TO OUR INDEBTEDNESS

Our outstanding debt may impair our financial and operating flexibility.

As of December 31, 2025, we had approximately $5.7 billion of debt outstanding. Other than credit facilities in the normal course of business, we do not have any off-balance sheet financing arrangements in place or available. Our debt agreements contain various restrictive covenants. These restrictions could limit our ability to use operating cash flow in other areas of our business because we must use a portion of these funds to make principal and interest payments on our debt. We have obtained ratings on our public debt from Standard and Poor's, Moody's Investor Services and Fitch Ratings. There can be no assurance that any rating so assigned will remain for any given period of time or that a rating will not be lowered or withdrawn entirely by a rating agency if in that rating agency's judgment future circumstances relating to the basis of the rating, such as adverse changes in our Company or our industry, so warrant. If such ratings are lowered, our borrowing costs could increase. Changes in our credit ratings, however, do not require repayment or acceleration of any of our debt.

We or our subsidiaries may incur additional indebtedness in the future. Increases in interest rates may increase our financing costs making it more challenging for us to incur additional debt necessary to fund our operations and strategic objectives. Our ability to make principal and interest payments will depend on our ability to generate cash in the future. If we incur additional debt, a greater portion of our cash flows may be needed to satisfy our debt service obligations and if we do not generate sufficient cash to meet our debt service requirements, we may need to seek additional financing. In that case, it may be more difficult, or we may be unable, to obtain financing on terms that are acceptable to us. As a result, we would be more vulnerable to general adverse economic, industry and capital markets conditions as well as the other risks associated with indebtedness.




RISKS RELATED TO OUR OPERATIONS

The development of new technologies is rapidly changing diagnostic testing, which will impact the healthcare industry and the competitive environment. The development of new, more cost-effective solutions that can be performed by our customers or by patients, which could accelerate the internalization of testing by hospitals or clinicians, could negatively impact our testing volume and revenues.

The diagnostic information services industry is facing rapidly changing technology and innovations in product offerings, including technology that enables more convenient, accessible and cost-effective testing. For example, digital pathology is a technology that we are currently deploying that may change the practice of pathology and our role in it. Competitors also may offer new testing services that can be performed outside of a commercial clinical laboratory, such as point-of-care testing that can be administered by physicians in their offices, complex testing that can be performed by hospitals in their own laboratories, and home testing that can be carried out without requiring the services of providers like us. Further, diagnostic tests approved or cleared by the FDA for home use are automatically deemed to be “waived” tests under CLIA and may be performed by consumers in their homes; test kit manufacturers could seek to increase sales to patients of such test kits. Additionally, some traditional customers for anatomic pathology services, including specialty physicians that generate biopsies through surgical procedures, such as dermatologists, gastroenterologists, urologists and oncologists, are consolidating, have added in-office histology labs or have retained pathologists to read cases on site. Hospitals also are internalizing clinical laboratory testing, including some non-routine and advanced testing. These technological advances (and the ones yet to come) and the continued internalization of testing services may lead to the need for less frequent testing and/or less use of the testing services we offer.

We have been and expect to continue to use AI technology in the testing services we offer. The challenges with properly managing the development and use of these technological innovations could result in harm to our reputation, business or customers, and adversely affect our results of operations.

We have been and expect to continue to use AI technology in our testing services, and we anticipate it will become increasingly important to us over time. This technology, including generative AI, which is in its early stages of broader commercial implementation, presents a number of risks inherent in its use, including risks related to cybersecurity, privacy and data security and use practices and our oversight of how we use AI. Additionally, AI technology can create accuracy issues and other outcomes that could harm our customers and negatively impact our reputation and our business. Further, our competitors may develop new testing services and other products relying on AI more rapidly or more successfully than us, which could hinder our ability to compete effectively and adversely affect our results of operations. Using AI successfully will require significant resources, including having the technical expertise required to develop, test and maintain AI-based testing services and continually developing the appropriate governance and oversight of our use of AI. In addition, we anticipate that there will continue to be new regulatory requirements concerning the use of AI, which may aim to regulate, limit, or block the use of AI in our testing and other services or otherwise impose other restrictions that may hinder their usability or effectiveness.

Hardware and software failures or delays in our IT systems, including failures resulting from our systems conversions, services and support provided by third parties, or otherwise, could disrupt our operations and cause the loss of confidential information, customers and business opportunities or otherwise adversely impact our business.

IT systems are used extensively in virtually all aspects of our business, including clinical testing, test reporting, billing, customer service, logistics and management of medical data. Our success depends, in part, on the continued and uninterrupted performance of our IT systems. A failure or delay in our IT systems could impede our ability to serve our customers and patients and protect their confidential data. Despite redundancy and backup measures and precautions that we have implemented, our IT systems may be vulnerable to damage, disruptions and shutdown from a variety of sources, including the age of the technology, telecommunications or network failures, system conversion, standardization or modernization initiatives, human acts and natural disasters. For example, in connection with Project Nova, we committed to a multi-year project to modernize our "Order to Cash" business processes, including the related information technology infrastructure and underlying enabling technologies. We are partnering with Epic, a third-party licensor, to assist in the implementation of Project Nova. These issues can also arise as a result of failures by third parties with whom we do business, including manufacturers and developers of the hardware and software we use, and over which we have limited control. Any disruption or failure of our IT systems, including in connection with Project Nova, could have a material impact on our ability to serve our customers and patients, including negatively affecting our reputation in the marketplace, or otherwise adversely impact our business.

Our business could be negatively affected if we are unable to continue to strengthen our efficiency.



It is important that we continue to strengthen our efficiency, including through the use of technology and automation, to promote our competitive position and enable us to mitigate the impact on our profitability of steps taken by government payers and health insurers to reduce the utilization and reimbursement of diagnostic information services, and to partly offset pressures from an inflationary environment, including labor and benefit cost increases, and reimbursement pressures.

Our business operations and reputation may be materially impaired if we do not comply with privacy laws or information security policies.

In our business, we collect, generate, process or maintain sensitive information, such as patient data and other personal information. We are subject to laws and regulations regarding protecting the security and privacy of certain healthcare and personal information, including: (a) the federal Health Insurance Portability and Accountability Act and the regulations thereunder, which establish (i) a complex regulatory framework including requirements for safeguarding protected health information and (ii) comprehensive federal standards regarding the uses and disclosures of protected health information; (b) state laws (e.g., California) and similar laws in other states; and (c) laws outside the United States, including the European Union's General Data Protection Regulation, Canada’s Personal Information Protection and Electronic Documents Act and provincial health privacy laws, and similar laws in other jurisdictions.

If we do not use or adequately safeguard that information in compliance with applicable requirements under federal, state and international laws, or if it were disclosed to persons or entities that should not have access to it, our business could be materially impaired, our reputation could suffer, and we could be subject to fines, penalties and litigation. These issues can also arise as a result of failures by third parties with whom we do business and over which we have limited control. We are increasingly collaborating with new entrants in the health services industry who are facilitating consumers’ growing interest in taking direct responsibility for their own healthcare, where we provide the underlying testing services for their consumer health service offerings. These companies are increasingly handling and processing highly sensitive consumer health data and our contractual relationship with these companies could expose us to legal or regulatory risk and reputational harm if they are unable to adequately safeguard this information. In the event of a data security breach, we may be subject to notification obligations, litigation and governmental investigation or sanctions, and may suffer reputational damage, which could have an adverse impact on our business.

Our approach to corporate responsibility may not satisfy all our stakeholders.

We regularly assess opportunities and risks related to corporate responsibility, which includes sustainability, social and governance matters. As part of this process, we make decisions related to these matters and may set goals and targets related to sustainability and social matters. We have a broad range of stakeholders, including our stockholders, employees, customers, which include government entities, patients and communities we serve, some of whom increasingly focus on corporate responsibility considerations and many have different or conflicting expectations with respect to corporate responsibility and related matters. Some of our stockholders, employees, customers and patients may consider corporate responsibility factors in making investment, employment and service provider decisions. Our ability to achieve the goals we may set related to corporate responsibility matters are subject to numerous risks and uncertainties, many of which are outside of our control. Despite our efforts, we may not achieve our goals on the timetable we set or at all. Additionally, certain of our stakeholders may not be satisfied with our decisions related to corporate responsibility matters, the goals we set, our progress towards these goals or the resulting outcomes. This could lead to negative perceptions of, or loss of support for, our business, difficulty recruiting or attracting new employees and our stock price being negatively impacted.

The IT systems that we rely on may be subject to unauthorized tampering, cyberattack or other security breach.

Our IT systems have been and are subject to potential cyberattacks, tampering or other security breaches. These attacks, if successful, could result in shutdowns or significant disruptions of our IT systems and/or in unauthorized persons exfiltrating and misappropriating intellectual property and other confidential information, including patient and employee data that we collect, transmit and store on and through our IT systems.

External actors may develop and deploy viruses, other malicious software programs, ransomware attacks, distributed denial of service attacks or other attempts to harm or obtain unauthorized access to our systems, including through the increased use of AI and other emerging technologies. External actors may also deploy programs targeting our employees which are designed to attack our IT systems or otherwise exploit security vulnerabilities through programs such as electronic spamming, phishing, smishing, spear phishing or similar tactics. As a result of the difficulty in detecting many of these attacks, intrusions and breaches, failures or losses may be repeated or compounded before they are discovered or rectified, which could further increase these costs and consequences. Additionally, new technology that we deploy to automate processes, improve customer service, generate insights from lab and other data and stimulate innovation to improve operational efficiency, including the expanded use of AI, may further expose our IT systems to the risk of cyberattacks and may create the need for rapid modifications to our cybersecurity program. Also, an increasing risk of civil unrest, political tensions, wars or other military conflicts may also impact the cybersecurity threat risk landscape.

Although the Company has implemented robust security measures, which are monitored and routinely tested both by internal resources and external parties, cybersecurity threats and attacks against us continue to evolve and occur and may not be recognized until after an incident. Although the attacks we have experienced in the past have not materially disrupted, interrupted, damaged or shutdown the Company's IT systems, or materially disrupted the Company's performance of its business, the mitigation or remediation efforts that we have undertaken, and may undertake in the future, require the attention of management and expenditures of resources, which can be significant. There can be no assurance that the Company can anticipate all evolving future attacks, viruses or intrusions, implement adequate preventative measures, or remediate any security vulnerabilities on a timely basis or at all. If our IT systems are successfully attacked, it could result in major and/or prolonged disruption of our business, compromise confidential information, and result in litigation and potential liability for the Company, government investigation, significant damage to our reputation or otherwise adversely affect our business.

In addition, third parties to whom we outsource certain of our services or functions, or with whom we interface, store or process confidential patient and employee data or other confidential information, as well as those third parties’ providers, have experienced and remain subject to the risks outlined above. For example, in June 2019, the Company reported that Retrieval-Masters Creditors Bureau, Inc./American Medical Collection Agency (AMCA), informed the Company that an unauthorized user had access to AMCA’s system. AMCA previously provided debt collection services for the Company and provided debt collection services for a company that provides revenue management services to the Company. AMCA’s affected system included financial, medical and other personal information. The Company’s systems or databases were not involved in this incident. A breach or attack affecting third parties with whom we engage could also harm our business, results of operations and reputation and subject us to liability. Additionally, many of the third-party service providers we rely on use AI for a variety of purposes, which increases the risk that our sensitive and proprietary data, and the data of our patients and customers, could be inadvertently or maliciously exposed.

We have taken, and continue to take, precautionary measures to reduce the risk of, and detect and respond to, future cybersecurity threats, and prevent or minimize vulnerabilities in our IT systems, including the loss or theft of intellectual property, patient and employee data or other confidential information that we obtain and store on our systems. We also have taken, and will continue to take, measures to assess the cybersecurity protections used by third parties to whom we outsource certain of our services or functions, or with whom we interface, store or process confidential patient and employee data or other confidential information. In addition, we collaborate with government agencies regarding potential cybersecurity threats and have worked with firms that have cyber security expertise to evaluate our systems and the attacks we experience and strengthen our systems. There can be no assurances that our precautionary measures or measures used by our third-party providers will prevent, contain or successfully defend against cyber or information security threats that could have a significant impact on our business, results of operations and reputation and subject us to liability.

Our ability to attract and retain qualified employees and maintain good relations with our employees is critical to the success of our business and the failure to do so may materially adversely affect our performance.

The supply of qualified technical, professional, managerial and other personnel, including cytotechs, phlebotomists and specimen processors, is currently constrained; competition for qualified employees, even across different industries, is intense, including as individuals leave the job market. We may lose, or fail to attract and retain, key management personnel, or qualified skilled technical, professional or other employees.

In addition, we believe that our overall relations with our employees are good. However, unfavorable labor environments, unionization activity (including in non-U.S. markets), a failure to comply with labor or employment laws or reputational considerations triggered by any of the risks described in this Report could result in, among other things, labor unrest, strikes, work stoppages, slowdowns by the affected workers, fines, penalties and a loss of employees. If any of these events were to occur, the Company could experience a disruption of its operations or higher ongoing labor costs, either of which could have a material adverse effect upon the Company's business.

Business development activities are inherently risky and integrating our operations with businesses we acquire may be difficult.

We plan selectively to enhance our business from time to time through business development activities, such as acquisitions, licensing arrangements, investments and alliances, including joint ventures. However, these plans are subject to the availability of appropriate opportunities and competition from other companies seeking similar opportunities. Moreover, the success of any such effort may be affected by a number of factors, including our ability to properly assess and value the potential business opportunity, obtain any necessary regulatory clearance (including due to antitrust concerns), integrate the new businesses and manage the costs related to any such integration, and retain key technical, professional or management personnel. The success of our strategic alliances depends not only on our contributions and capabilities, but also on the property, resources, efforts and skills contributed by our strategic partners. Further, disputes may arise with strategic partners, due to conflicting priorities or conflicts of interests.

Acquisitions are not all the same (e.g., asset acquisitions differ from acquisitions of equity interests); different acquisitions offer different risks and require different levels of effort to obtain regulatory clearance. Acquisitions may involve the integration of a separate company that has different systems, processes, policies and cultures. Integration of acquisitions involves a number of risks including the diversion of management's attention to the integration of the operations of assets or businesses we have acquired, difficulties in the diligence and integration of operations and systems and the realization of potential operating synergies, or introduction of IT security vulnerabilities not adequately investigated during diligence or managed after acquisition, the integration and retention of the personnel of the acquired businesses and of our existing business, challenges in retaining the customers of the combined businesses, and potential adverse effects on operating results. The process of negotiating, completing and integrating acquisitions may be disruptive to our businesses (especially as transactions become increasingly complex) and may cause an interruption of, or a loss of momentum in, such businesses as a result of the following difficulties, among others:

loss of key customers or employees;
difficulty and/or delays in standardizing information and other systems;
difficulty in consolidating facilities and infrastructure;
failure to maintain the quality or timeliness of services and profitability that our Company has historically provided;
failing to satisfy the performance requirements of the physicians associated with an acquired outreach business;
regulatory delay or failure to develop, acquire licenses for, introduce, or commercialize newly-acquired tests, technology and services;
diversion of management's attention from the day-to-day business of our Company as a result of the need to deal with the foregoing disruptions and difficulties; and
the added costs of dealing with such disruptions.

If we are unable successfully to integrate strategic acquisitions in a timely manner, our business and our growth strategies could be negatively affected. Even if we are able to successfully complete the integration of the operations of other assets or businesses we may acquire in the future, we may not be able to realize all or any of the benefits that we expect to result from such integration, either in monetary terms or in a timely manner. We have also entered into arrangements with a number of new entrants in the health services industry who are leveraging the increasing trend for consumers to manage and take direct responsibility for their own healthcare, where we provide the underlying testing services for their consumer health service offerings. These companies are operating in a new, rapidly evolving and uncertain regulatory landscape that subjects them to several risks, including those related to application of regulatory requirements (e.g., under CLIA, for testing performed outside of a commercial laboratory), unlicensed and corporate practice of medicine laws that differ across the United States, reimbursement uncertainty of direct-to-consumer health services, specimen collection errors and logistics, cybersecurity and health data privacy risks and clinical and professional liability. Our contractual relationship with these companies could expose us to these legal or regulatory risks and reputational harm.

Our operations may be adversely impacted by the effects of natural disasters such as hurricanes and earthquakes, public health emergencies and pandemics, geopolitical conflicts, hostilities or acts of terrorism and other criminal activities.

We operate facilities primarily across the United States, and consumers frequently visit our facilities in person. The ability of our employees and consumers to access our facilities may be adversely impacted by the effects of extreme weather events and natural disasters, such as hurricanes, earthquakes, tropical storms, floods, fires, or other extreme weather conditions, including major winter storms, droughts and heat waves; public health emergencies and pandemics; geopolitical conflicts, hostilities or acts of terrorism or other activities. Although we maintain a business continuity program to prepare for and respond to such events, because of their unpredictable nature, these events may limit or interrupt our ability to conduct operations. Additionally, such events may interrupt our ability to transport specimens, to receive materials from our suppliers or otherwise to provide our services. These events also may result in a decline in the number of patients who seek clinical testing services or in our employees' ability to perform their job duties.



Any future public health emergencies or pandemics may negatively affect us, including through its impact on the labor force and supply chain.

We are subject to risks associated with public health emergencies and pandemics, such as the COVID-19 pandemic. Any future public health emergency or pandemic could expose us to the risks we experienced during the COVID-19 pandemic and result in, among other things, a reduction in physician office visits and diagnostic testing volume, the cancellation of elective medical procedures, or customers closing or curtailing their operations, as well as increased unemployment and loss of health insurance. We may also experience labor shortages and supply chain disruptions, including shortages, delays and price increases in testing equipment and supplies, as a result of a public health emergency or pandemic. Suppliers and manufacturers we rely upon may experience disruptions and delays stemming from raw material and labor shortages, supply challenges and significant disruptions in transport and logistics services due to facility closures, labor constraints and other challenges. These challenges may affect our ability to transport specimens, receive equipment, supplies or materials, or otherwise provide our services in a timely manner or at a reasonable price. In addition, labor shortages may affect our ability to achieve our staffing or productivity goals.

The extent to which we may be impacted by future public health emergencies and pandemics will depend on many factors beyond our knowledge or control. These factors include: the timing, extent, trajectory and duration of any public health emergency or pandemic; increases in infection rates and the geographic location of such increases; the development, availability, distribution and effectiveness of vaccines and treatments; the imposition of protective public safety measures; and the impact of any public health emergency or pandemic on supply chain and the global economy. To the extent any future public health emergency or pandemic adversely affects our business, results of operations and financial condition, it may also have the effect of heightening other risks described in this Report.

Inflationary pressures could adversely impact us because of increases in the costs of materials, supplies and services, and increased labor and people-related expenses.

Inflationary pressures over the last number of years have resulted in increases in the costs of the testing equipment, supplies and other goods and services that we purchase from manufacturers, suppliers and others. Inflationary pressures, along with the competition for labor, have also resulted in a rise of our labor costs, which include the costs of compensation, benefits, and recruiting and training new hires. Our ability to raise the prices and fees we charge for the services we provide is limited. An inflationary environment may adversely impact us.



CAUTIONARY FACTORS THAT MAY AFFECT FUTURE RESULTS

Some statements and disclosures in this document are forward-looking statements. Forward-looking statements include all statements that do not relate solely to historical or current facts and can be identified by the use of words such as “may,” “believe,” “will,” “expect,” “project,” “estimate,” “anticipate,” “plan,” “aim,” “endeavor” or “continue.” These forward-looking statements are based on our current plans and expectations and are subject to a number of risks and uncertainties that could cause our plans and expectations, including actual results, to differ materially from the forward-looking statements. Investors are cautioned not to unduly rely on such forward-looking statements when evaluating the information presented in this document. The following important factors could cause our actual financial results to differ materially from those projected, forecasted or estimated by us in forward-looking statements:

(a) Heightened competition from commercial clinical testing companies, hospitals, physicians and others.
(b) Increased pricing pressure from customers, including payers and patients, and changing relationships with customers, payers, suppliers or strategic partners.
(c) Uncertain and volatile economic conditions, including the impact of an inflationary environment and changes in government policies, including related to trade.
(d) Impact of changes in payment mix, including increased patient financial responsibility and any shift from fee-for-service to discounted, risk-sharing, capitated or bundled fee arrangements.
(e) Adverse actions by government or other third-party payers, including healthcare reform that focuses on reducing healthcare costs but does not recognize the value and importance to healthcare of clinical testing or innovative solutions, unilateral reduction of fee schedules payable to us, unilateral recoupment of amounts allegedly owed and competitive bidding.

(f) The impact upon our testing volume and collected revenue or general or administrative expenses resulting from compliance with policies and requirements imposed by Medicare, Medicaid and other third-party payers. These include:
(1) the requirements of government and other payers to provide diagnosis codes and other information for many tests;
(2) inability to obtain from patients a valid advance consent form for tests that cannot be billed without prior receipt of the form;
(3) the impact of additional or expanded limited coverage policies and limits on the allowable number of test units or ordering frequency of same; and
(4) the impact of increased prior authorization programs.
(g) Adverse results from pending or future government investigations, lawsuits or private actions. These include, in particular, monetary damages, loss or suspension of licenses, and/or suspension or exclusion from the Medicare and Medicaid programs and/or criminal penalties.
(h) Failure to efficiently integrate acquired businesses, integrate our business with our joint ventures, and to manage the costs related to any such integration and implementation requirements, or to retain key technical, professional or management personnel.
(i) Denial, suspension or revocation of CLIA certification or other licenses for any of our clinical laboratories under the CLIA standards, revocation or suspension of the right to bill the Medicare and Medicaid programs or other adverse regulatory actions by federal, state and local agencies.
(j) Changes in and complexity of federal, state or local laws or regulations, including changes that result in new or increased federal or state regulation of commercial clinical laboratories, tests developed by commercial clinical laboratories or other products or services that we offer or activities in which we are engaged, including regulation by the FDA.
(k) Inability to identify, consummate or achieve expected benefits from our acquisitions of other businesses.
(l) Inability to achieve additional benefits from our business performance tools and efficiency initiatives.
(m) Adverse publicity and news coverage about the diagnostic information services industry or us.
(n) Failure of the Company to maintain, defend and secure its financial, accounting, technology, customer data and other operational systems from cyberattacks, IT system outages, telecommunications failures, malicious human acts and failure of the systems of third parties upon which the Company relies.
(o) Development of technologies that substantially alter the practice of clinical testing, including technology changes that lead to the development of more convenient, accessible and cost-effective testing, or new testing services that can be performed outside of a commercial clinical laboratory, such as point-of-care testing that can be administered by physicians in their offices, complex testing that can be performed by hospitals in their own laboratories or home testing that can be carried out without requiring the services of clinical laboratories.
(p) Challenges, including the associated competitive pressures, with properly managing the development, implementation, oversight and use of AI.
(q) Negative developments regarding intellectual property and other property rights that could prevent, limit or interfere with our ability to develop, perform or sell our tests or operate our business. These include:
(1) issuance of patents or other property rights to our competitors or others; and
(2) inability to obtain or maintain adequate patent or other proprietary rights for our products and services or to successfully enforce our proprietary rights.
(r) Development of tests by our competitors or others which we may not be able to license, or usage (or theft) of our technology, similar technologies, our trade secrets or other intellectual property by competitors, any of which could negatively affect our competitive position.
(s) Regulatory delay or inability to commercialize newly developed or licensed tests or technologies or to obtain appropriate reimbursements for such tests.
(t) The complexity of billing and revenue recognition for clinical laboratory testing.
(u) Increases in interest rates and negative changes in our credit ratings from Standard & Poor's, Moody's Investor Services or Fitch Ratings causing an unfavorable impact on our cost of or access to capital.
(v) Inability to hire or retain qualified employees, including key senior management personnel, and maintain good relations with our employees.

(w) Terrorist and other criminal activities, hurricanes, earthquakes or other natural disasters, geopolitical hostilities or other global conflicts, public health emergencies and pandemics, which could affect our customers or suppliers, transportation or systems, or our facilities, and for which insurance may not adequately reimburse us.
(x) Difficulties and uncertainties in the discovery, development, regulatory environment and/or marketing of new services or solutions or new uses of existing tests.
(y) Failure to adapt to changes in the healthcare system (including the medical laboratory testing market) and healthcare delivery, including those stemming from PAMA, trends in utilization of the healthcare system and increased patient financial responsibility for services.
(z) Results and consequences of governmental inquiries.
(aa) Difficulty in implementing, or lack of success with, our strategic plan.
(bb) The impact of healthcare data analysis on our industry and the ability of our Company to adapt to that impact.
(cc) Failure to adequately operationalize appropriate controls around use of our data, including risk of non-compliance with privacy law requirements.
(dd) The other factors that are discussed within “Item 1. Business,” “Item 1A. Risk Factors” and “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations” of this Annual Report on Form 10-K.




Item 1B. Unresolved Staff Comments

There are no unresolved SEC comments that require disclosure.

Item 1C. Cybersecurity.

Risk Management and Strategy

The strength and resilience of our cybersecurity and data privacy programs are critical in maintaining the trust of our patients, customers, employees, shareholders, and other stakeholders. Securing our business information, customer, patient and employee data and IT systems is an important part of our overall risk management framework. We rely on IT systems, some of which are dependent on services provided by third parties, to provide data and other services, including diagnostic information services for patients, clinicians and healthcare organizations, clinical testing, test ordering and reporting, billing, customer service, logistics, commercial and operational data, human resources management, legal, finance and tax compliance, and other information and processes necessary to operate and manage our business.

We maintain comprehensive cybersecurity and data privacy programs that are designed to be aligned to best practice frameworks and applicable laws and regulations, as well as our contractual obligations. These enterprise-wide programs are designed to secure our facilities, information systems and safeguard data throughout its lifecycle, including data provided to third parties performing services on our behalf. Our cybersecurity program incorporates standards, processes, and activities over a number of domains, including governance, access controls, facility and data protection, IT systems and data transmission security, threat intelligence and incident response, third-party risk management, disaster recovery and vulnerability management.

Our cybersecurity risk management program monitors our systems and networks for threats, breaches, intrusions and other vulnerabilities; assesses the security of our company-wide software, applications and systems; conducts security audits and threat assessments; responds to cybersecurity incidents; and facilitates training for our employees. Our program includes procedures to identify cybersecurity risks and threats of our suppliers and third-party outsourcing providers with whom we interface, or who store, process, host or transmit confidential patient and employee data or other confidential information. Our Strategic Threat and Intelligence Center manages our threat landscape and uses a variety of security technology and threat intelligence tools designed to detect, prevent, block, analyze, and respond to cybersecurity threats. We collaborate with government agencies regarding potential cybersecurity threats and work with consultants and other third-party advisors to conduct security assessments and independent audits of the security and resilience of our systems and networks. At least annually, we review and test our program to simulate emergent threats and scenarios that could arise from potential cybersecurity attacks and data breaches. Our cybersecurity program is based on multiple security frameworks, including the National Institute of Standards and Technology’s NIST 800 Special Publication Information Security standard, MITRE ATT&CK Framework, the Payment Card Industry Data Security Standard, the System and Organization Controls for Service Organizations 2 (SOC 2), and ISO 9001:2015 and ISO 15189.

We have integrated cybersecurity risk management into our overall risk management infrastructure through our enterprise risk management program. The enterprise risk management program, which is driven by our executive leadership, entails a formal process that identifies, assesses, mitigates and manages the risks from both internal and external conditions that could significantly impact the Company and influence our business strategy and performance.

Although no cybersecurity incident during the year ended December 31, 2025 resulted in an interruption of our operations, known losses of critical data or otherwise had a material impact on our strategy, financial condition or results of operations, the scope of any future incident cannot be predicted. See “Item 1A. Risk Factors” for more information.

Governance

The Company’s Chief Information Security Officer (CISO), in coordination with the Company’s Chief Litigation Officer, Executive Director, Privacy Officer, Corporate Controller/Chief Accounting Officer, Executive Director, Corporate Security and other internal stakeholders, is responsible for leading the team responsible for assessing, identifying and managing cybersecurity and data privacy risks, including implementation of our cybersecurity risk management program. The CISO has extensive experience working in the IT and services industry and is a subject matter expert in varied topics including cybersecurity, data integrity, IT risk, enterprise architecture, third-party risk, threat intelligence, incident response, and regulatory compliance. Management committees consisting of senior officers of the Company regularly receive briefings on cybersecurity matters and in turn regularly report to the Board of Directors and its committees on such matters.

The Board of Directors and its committees play an active role in overseeing our key enterprise level risks. Our Board, which annually reviews our enterprise risk management program, has delegated primary responsibility for overseeing the enterprise risk management program to the Audit and Finance Committee. The Board has delegated primary oversight of cybersecurity, a key enterprise risk, to the Cybersecurity Committee. The Board’s Quality and Compliance Committee oversees and receives regular updates on data privacy, another key enterprise risk.

The Audit and Finance Committee is responsible for reviewing our policies with respect to risk assessment and risk management, as well as our insurance programs, including regarding cybersecurity. Our internal audit team reports to the Audit and Finance Committee on summaries of findings from completed internal audits of, among other matters, our IT security systems and processes, including network security and data protection. The Audit and Finance Committee regularly reports to the Board on its activities.

The Cybersecurity Committee is responsible for the general oversight of our cybersecurity policies, plans, program and practices and risks related to cybersecurity and data security. The Cybersecurity Committee reviews the adequacy and effectiveness of our cybersecurity program and regularly receives reports from management on cybersecurity matters. It also reviews our management of risks and compliance with legal and regulatory requirements and industry standards related to our IT security systems and processes, including network security and data protection. The Cybersecurity Committee regularly reports on its activities to the Board to promote effective coordination and to ensure the entire Board remains apprised of the effectiveness of our cybersecurity risk management and our cybersecurity risk landscape, and also assesses how management is managing these risks.

