Quiver Quantitative

Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - MOH

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A. RISK FACTORS

Our business involves significant risks. You should carefully consider the risks described below and all of the other information set forth in this Form 10-K, including our consolidated financial statements and accompanying notes. These risks and other factors may affect our forward-looking statements, including those we make in this Form 10-K or elsewhere, such as in press releases, presentations to securities analysts or investors, or other communications made by or with the approval of one of our executive officers.

If any of the following risks actually occurs, our business, financial condition, results of operations, and future prospects could be materially and adversely affected. In that event, among other effects, the trading price of our common stock could decline, and you could lose part or all of your investment.

RISKS RELATED TO OUR BUSINESS

The Medicaid rates paid to us by states may be insufficient to cover our rising medical care costs.

Our premium revenues consist of fixed monthly payments per member, and supplemental payments for other services such as maternity deliveries. These premiums are fixed by contract, and we are obligated during the contract periods to provide healthcare services as established by the state governments in which our health plans operate. Rate increases are most typically implemented by states on only an annual basis. If the premiums paid to us are not increased at a rate that is commensurate with the rate at which medical expenses related to healthcare services rise, or the rate at which health care utilization rates increase, our medical margins will be compressed or eliminated, and our earnings will be negatively affected. We have seen in prior quarters that medical expenses have risen higher than anticipated, and that our capitation rates have not kept pace with the sharp rate of that medical care cost increase. Our inability to predict future medical expenses and future rates of utilization may continue in future quarters due to the inherently unpredictable and continually evolving market conditions. Further, if the actuarial assumptions made by a state in implementing a rate or benefit change are incorrect or quickly become outdated, or if they are at variance with or do not keep pace with the prevailing medical cost trend or particular utilization patterns of the members of one or more of our health plans, our medical margins could be reduced or eliminated. In addition, a state could increase hospital or other provider reimbursement without making a commensurate increase in the reimbursement paid to us, could lower our rates without making a commensurate reduction in the rates paid to hospitals or other providers, could delay the processing of rate changes, or could even make a retroactive rate adjustment or recoupment with regard to a period where we thought the payment amount was final. Insufficient rate increases, a continuing spike in medical care costs or utilization that outpace our rate increases, or retroactive rate reductions or recoupments in one or more of the states in which we operate, could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

We offer Marketplace plans in many of the states where we offer Medicaid health plans. In 2026, we are participating in the Marketplace in all our markets except Arizona, Iowa, Massachusetts, Michigan, Nebraska, New York, and Wisconsin. Our Marketplace plans allow our Medicaid members to stay with their providers as they transition between Medicaid and the Marketplace. We develop each state’s Marketplace premium rates during the spring of each year for policies effective in the following calendar year. Premium rates are based on our estimates of utilization of services and unit costs, anticipated member risk acuity and related federal risk adjustment transfer amounts, and non-benefit expenses such as administrative costs, taxes, and fees. Marketplace plan selection by members is highly price sensitive, and the Marketplace markets in general are highly volatile and unpredictable from year to year. Even though certain advanced premium tax credits (“APTCs”) expired at the end of 2025, it is possible that they could be renewed, but the timing of such a decision, and the manner in which they could be renewed, is uncertain. This expiration, as well as any future elimination or reduction of other APTCs or subsidies, could make such coverage unaffordable to some individuals and thereby reduce overall participation in the Marketplace and our membership. These fluctuations could have a significant adverse effect on our business and future operations, and our results of operations and financial condition. Any variation from our cost expectations regarding acuity, enrollment levels, adverse selection, or other assumptions utilized in setting premium rates, could have a material adverse effect on our results of operations, financial position, and cash flows. In addition, the non-renewal of Marketplace premium subsidies starting in 2026 could negatively impact our

Molina Healthcare, Inc. 2025 Form 10-K | 20

Marketplace enrollment.

Our health plans operate with very low profit margins, and small changes in operating performance or slight changes to our accounting estimates could have a disproportionate impact on our reported net income.

If we fail to accurately predict and effectively manage our medical care costs, our operating results could be materially and adversely affected.

Our profitability depends to a significant degree on our ability to accurately predict and effectively manage our medical care costs. Historically, our medical care ratio, meaning our medical care costs as a percentage of our premium revenue, has fluctuated substantially, and has varied across our health plans. Because the premium payments we receive are generally fixed in advance and we operate with a narrow profit margin, relatively small changes in our medical care ratio can create significant changes in our overall financial results. For example, if our overall medical care ratio of 91.7% for the year ended December 31, 2025, had been one percentage point higher, or 92.7%, our net income per diluted share for the year ended December 31, 2025 would have been approximately $2.72 rather than our actual net income per diluted share of $8.92, a difference of $6.20.

Many factors may affect our medical care costs, including:

•the level of utilization of healthcare services;

•changes in the underlying risk acuity of our membership;

•unexpected patterns in the annual flu season;

•increases in hospital costs, pharmacy costs, or behavior healthcare costs;

•increased incidence or acuity of high dollar claims related to catastrophic illnesses or medical conditions for which we do not have adequate reinsurance coverage;

•changes in state eligibility certification methodologies;

•relatively low levels of hospital and specialty provider competition in certain geographic areas;

•changes in healthcare regulations and practices;

•epidemics or pandemics;

•new medical technologies or new pharmaceutical treatments or other innovative therapies; and

•other various external factors.

Many of these factors are beyond our control. The inability to accurately forecast and effectively manage our medical care costs or to establish and maintain a satisfactory medical care ratio, either with respect to a particular health plan or across the consolidated entity, could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

The complexity of some of our Medicaid contract provisions, imprecise language in those contracts, the desire of state Medicaid agencies in some circumstances to retroactively adjust the rates that they have paid to us or otherwise recoup premium amounts that we reasonably believed to be final, or state delays in processing rate changes, can create uncertainty around the amount of revenue we should recognize. Any circumstance such as those described above could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

If the responsive bids of our health plans for new or renewed Medicaid contracts are not successful, or if our government contracts are terminated or are not renewed on favorable terms, our premium revenues could be materially reduced, our operating results could be negatively impacted, and we may not realize the full projected amount of our embedded earnings.

We currently derive our premium revenues from health plans that operate in 21 states. Our Medicaid premium revenue constituted 75% of our consolidated premium revenue in the year ended December 31, 2025. Measured by Medicaid premium revenue by health plan, our top four health plans were in California, New York, Texas, and Washington, with aggregate Medicaid premium revenue of $17.3 billion, or approximately 54% of total Medicaid premium revenue, in the year ended December 31, 2025. If we are unable to continue to operate in any of our

Molina Healthcare, Inc. 2025 Form 10-K | 21

existing jurisdictions, or if our current operations in those jurisdictions or any portions of those jurisdictions are significantly curtailed or terminated entirely, our revenues could decrease materially.

Many of our government contracts are effective only for a fixed period of time and will only be extended for an additional period of time if the contracting entity elects to do so. When our government contracts expire, they may be opened for bidding by competing health plans, and there is no guarantee that the contracts will be renewed or extended. Even if our contracts are renewed or extended, there can be no assurance that they will be renewed or extended on the same terms or without a reduction in the applicable service areas.

Even if our responsive bids are successful, the bids may be based upon assumptions regarding enrollment, utilization, medical costs, or other factors which could result in the contract being less profitable than we had expected or could result in a net loss. Furthermore, our contracts contain certain provisions regarding, among other things, eligibility, enrollment and dis-enrollment processes for covered services, eligible providers, periodic financial and information reporting, quality assurance and timeliness of claims payment, and are subject to cancellation if we fail to perform in accordance with the standards set by regulatory agencies. The occurrence of any of the foregoing may result in our failing to achieve the full realization of our embedded earnings.

We are subject to risks associated with outsourcing services and functions to third parties.

We contract with third party vendors and service providers who provide services to us and our subsidiaries or to whom we delegate selected functions. Some of these third parties have direct access to our systems. Our arrangements with third party vendors and service providers may make our operations vulnerable if those third parties fail to satisfy their obligations to us, including their obligations to maintain and protect the security and confidentiality of our information and data or the information and data relating to our members or customers. We are also at risk of a data security incident involving a vendor or third party, which could result in a breakdown of such third party’s data protection processes or cyber-attackers gaining access to our infrastructure through the third party. To the extent that a vendor or third party suffers a data security incident that compromises its operations, we could incur significant costs and possible service interruption. Any contractual remedies and/or indemnification obligations we may have for vendor or service provider failures or incidents may not be adequate to fully compensate us for any losses suffered as a result of any vendor’s failure to satisfy its obligations to us or under applicable law. Violations of, or noncompliance with, laws and/or regulations governing our business or noncompliance with contract terms by third party vendors and service providers could increase our exposure to liability to our members, providers, or other third parties, or could result in sanctions and/or fines from the regulators that oversee our business. In turn, this could increase the costs associated with the operation of our business or have an adverse impact on our business and reputation. Moreover, if these vendor and service provider relationships were terminated for any reason, we may not be able to find alternative partners in a timely manner or on acceptable financial terms. We may incur significant costs and/or experience significant disruption to our operations in connection with any such vendor or service provider transition. As a result, we may not be able to meet the full demands of our members or customers and, in turn, our business, financial condition, and results of operations may be harmed.

We and our third-party service providers are exposed to cybersecurity risks, which may result in operational impact, increased costs, exposure to significant legal liability, reputational harm, loss of business, and other serious negative consequences.

As part of our normal operations, we and certain of our third-party service providers routinely collect, process, store (both onsite and in the cloud), and transmit large amounts of data, including sensitive Personal Information as well as proprietary or confidential information relating to our members, employees, business, or other third parties (collectively, “Confidential Information”). Additionally, we rely on computer systems, hardware, software, technology infrastructure and online sites and networks for both internal and external operations that are critical to our business (collectively, “IT Systems”). We own and manage some of these IT Systems but also rely on third parties for a range of IT Systems and related products and services, including but not limited to cloud computing services. We and our third-party suppliers and service providers face numerous and evolving cybersecurity risks that threaten the confidentiality, integrity and availability of IT Systems and Confidential Information, including from diverse threat actors, such as state-sponsored organizations, opportunistic hackers and hacktivists, as well as through diverse attack vectors, such as social engineering/phishing, malware (including ransomware), malfeasance by insiders, human or technological error, and as a result of malicious code embedded in open-source software, or misconfigurations, bugs or other vulnerabilities in commercial software that is integrated into our (or our suppliers’ or service providers’) IT Systems, products or services. They also may be able to develop and deploy viruses, worms, and other malicious software programs that attack our systems or otherwise exploit security vulnerabilities. We may also face increased cybersecurity risks due to our reliance on

Molina Healthcare, Inc. 2025 Form 10-K | 22

internet technology and our remote working environment, which may create additional opportunities for cybercriminals to exploit vulnerabilities. These same risks are also faced by our significant vendors who are also in possession of sensitive Confidential Information. Because the techniques used to circumvent, gain access to, or sabotage security systems can be highly sophisticated, may use advanced technologies (such as artificial intelligence) and change frequently, they often are not recognized until launched against a target, and may originate from less regulated and remote areas around the world. We may be unable to anticipate these techniques, which can circumvent security controls, evade detection and remove forensic evidence, or implement adequate preventive measures, resulting in potential inappropriate access, breach, or data loss and damage to our IT Systems, Confidential Information, or business. Additionally, any integration of artificial intelligence in our or any service providers’ operations, products or services is expected to pose new or unknown cybersecurity risks and challenges. Our IT Systems are also subject to compromise from internal threats such as improper action by employees, including malicious insiders, or by vendors, counterparties, and other third parties with otherwise legitimate access to our systems. We have acquired and may in the future acquire companies that may contain cybersecurity vulnerabilities and/or unsophisticated security measures, which can expose us to cybersecurity, operational, and financial risks.

Moreover, we face the ongoing challenge of managing access controls in a complex environment. The process of enhancing our protective measures can itself create a risk of systems disruptions and security issues. Given the breadth of our operations and the increasing sophistication of cyberattacks, a particular incident could occur and persist for an extended period of time before being detected. The extent of a particular cyberattack and the steps that we may need to take to investigate the attack may take a significant amount of time before such an investigation could be completed and full and reliable information about the incident is known. During such time, the extent of any harm or how best to remediate it might not be known, which could further increase the risks, costs, and consequences of a data security incident. The volume of new software vulnerabilities has increased substantially, as has the importance of patches and other remedial measures. In addition to remediating newly identified vulnerabilities, previously identified vulnerabilities must also be updated. In other situations, vulnerabilities persist even after we have issued security patches because our customers or third-party service providers may fail to apply patches or update their systems to newer software versions. The complexity of our systems and platforms, the increased frequency at which vendors are issuing security patches to their products, our need to test patches and, in some instances, coordinate with third parties before they can be deployed, all could further increase our risks.

Those third-party service providers may also be subject to data intrusions or data breaches. The Company maintains cybersecurity insurance in the event of an information security or cyber incident. However, we cannot guarantee that the coverage will be sufficient to cover all financial losses and liabilities.

We and certain of our third-party service providers may experience cyberattacks and other incidents, and we expect such attacks and incidents to continue in varying degrees. In addition, we may also be subject to cyberattacks and other incidents. While to date no incidents have had a material impact on our operations or financial results, we cannot guarantee that material incidents will not occur in the future. Any adverse impact to the availability, integrity or confidentiality of our IT Systems or Confidential Information, or related litigation, and governmental investigations could divert the attention of management from the operation of our business, result in reputational damage, and have a material adverse impact on our business, cash flows, financial condition, and results of operations.

Molina Healthcare, Inc. 2025 Form 10-K | 23

Noncompliance with any privacy, security, or data protection laws and regulations, or any security breach, cyber-attack, or cyber-security breach, and any incident involving the misappropriation, theft, loss, or other unauthorized disclosure or use of, or access to, IT Systems or sensitive or Confidential Information, whether by us or by one of our third-party service providers, could require us to expend significant resources to continue to modify or enhance our protective measures and to remediate any damage.

Our growth strategy includes the pursuit of targeted inorganic growth opportunities that we believe will provide a strategic fit, leverage operational synergies, and lead to incremental earnings accretion. The integration of acquired businesses with our existing business is a complex, costly, and time-consuming process. If we are unable to achieve these objectives within the anticipated time frame, or at all, the anticipated benefits may not be fully realized, or may take longer to realize than expected.

Our acquisitions and the related integration activities involve a number of risks, including the following:

•The transition services that a seller may have agreed to provide following the closing may not be provided in a timely or efficient manner, or certain necessary transition services may not be provided at all; similarly, any agreement by us to provide “reverse transition services” to a seller may be unduly burdensome, inefficient, and costly;

•Unforeseen expenses or delays associated with the acquisition and/or integration, including the unexpected emergence of liabilities of the acquired entity that had not previously been disclosed or foreseen;

•The assumptions underlying our expectations regarding the integration process or the expected benefits to be achieved from an acquisition may prove to be incorrect;

•Maintaining employee morale and retaining key management and other employees, and satisfactorily addressing any differences in corporate culture;

•Difficulties retaining the business and operational relationships of the acquired business, and attracting new business and operational relationships;

•Unanticipated attrition in the membership of the acquired business pending the completion of the proposed transaction or after the closing of the transaction;

•Unanticipated difficulties or costs in integrating information technology, communications, and other systems, consolidating corporate and administrative infrastructures, and eliminating duplicative operations;

•Attention to integration activities may divert management’s attention from ongoing business concerns, which could result in performance shortfalls;

•Successfully addressing the challenges inherent in managing a larger company and coordinating geographically separate organizations; and

•Delays in obtaining, or inability to obtain, necessary state or federal regulatory approvals, or such approvals may impose conditions that were not anticipated.

Many of these factors are outside of our control, and any one of them could result in delays, increased costs, decreases in the amount of expected revenues, and diversion of management's time and energy, which could have a material adverse effect on our business, financial condition, cash flows, or results of operations. There can be no assurances that we will be successful in managing our expanded operations as a result of acquisitions or that we will realize the expected growth in earnings, operating efficiencies, cost savings, or other benefits.

We may be unable to sustain our projected rate of growth due to a lack of merger and acquisition opportunities.

Many of the targets of our strategic transactions have been non-profit entities. If the number of health care entities willing and able to enter into consolidation transactions with us declines in the future, we may be unable to fully achieve our growth strategy, which could have an adverse effect on our business, financial condition, or results of operations.

Molina Healthcare, Inc. 2025 Form 10-K | 24

Failure to attain profitability in any newly acquired health plans or new start-up operations could negatively affect our results of operations.

Start-up costs associated with a new business can be substantial. For example, to obtain a certificate of authority to operate as a health maintenance organization in most jurisdictions, we must first establish a provider network, develop and establish infrastructure and required systems, and demonstrate our ability to process claims. Often, we are also required to contribute significant capital to fund mandated net worth requirements, performance bonds or escrows, or contingency guaranties. If we are unsuccessful in obtaining a certificate of authority, winning the bid to provide services, building out our provider network, or attracting and retaining members in sufficient numbers to cover our start-up costs, the new business could fail, or the losses we incur could impact our results of operations.

If we lose contracts that constitute a significant amount of our premium revenue, we will lose the administrative cost efficiencies or cost leverage that is inherent in a larger revenue base.

We currently spread the cost of centralized services over a large revenue base. Many of our administrative costs are fixed in nature and will be incurred at the same level regardless of the size of our revenue base. If we lose contracts that constitute a significant amount of our revenue, we may not be able to reduce the expense of centralized services in a manner that is proportional to that loss of revenue. In such circumstances, not only will our total dollar margins decline, but our percentage margins, measured as a percentage of revenue, will also decline.

Our health plans are subject to risk associated with various contractual provisions and regulations establishing medical cost expenditure floors, profit ceilings, risk corridors, or quality withholds.

A substantial portion of our premium revenue is subject to contract provisions pertaining to medical cost expenditure floors and corridors, administrative cost and profit ceilings, premium stabilization programs, or cost-plus and performance-based reimbursement programs. Many of these contract provisions are complex, or are poorly or ambiguously drafted, and thus are subject to differing interpretations by us and the relevant government agency with whom we contract. If the applicable government agency disagrees with our interpretation or implementation of a particular contract provision, we could be required to adjust the amount of our obligation under that provision. Any such adjustment could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

In addition, many of our contracts contain provisions pertaining to at-risk premiums that require us to meet certain quality performance measures to earn all of our contract revenues. If we are unsuccessful in achieving the stated performance measure, we will be unable to recognize the revenue associated with that measure, which could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

If, in the interest of long-term profitability, we decide to exit certain state contractual arrangements, make changes to our provider networks, or make changes to our administrative infrastructure, we may suffer disruptions to our business that could in the short term materially reduce our premium revenues and our net income.

Decisions that we make with regard to retaining or exiting our portfolio of state or federal contracts, and changes to the manner in which we serve the members of those contracts, could generate substantial expenses associated with the run out of existing operations and the restructuring of those operations that remain. Such expenses could include, but would not be limited to, goodwill and intangible asset impairment charges, restructuring costs, additional medical costs incurred due to the inability to leverage long-term relationships with medical providers, and costs incurred to finish the run out of businesses that have ceased to generate revenue, all of which could materially reduce our premium revenues and net income.

A failure to accurately estimate incurred but not paid medical care costs may negatively impact our results of operations.

Because of the lag in time between when medical services are actually rendered by our providers and when we receive, process, and pay a claim for those medical services, we must continually estimate our medical claims liability at particular points in time and establish claims reserves related to such estimates. Our estimated reserves for such incurred but not paid, or IBNP, medical care costs are based on numerous assumptions and inputs. We estimate our medical claims liabilities using actuarial methods based on historical data adjusted for claims receipt and payment experience (and variations in that experience), changes in membership, provider billing practices, healthcare service utilization trends, cost trends, product mix, seasonality, prior authorization of medical services, benefit changes, known incidence of disease, or increased incidence of illness such as the flu or COVID, provider contract changes, changes to Medicaid fee schedules, and the incidence of high dollar or catastrophic claims. Our

Molina Healthcare, Inc. 2025 Form 10-K | 25

ability to accurately estimate claims for our newer lines of business or populations is negatively impacted by the more limited experience we have had with those newer lines of business or populations.

The IBNP estimation methods we use and the resulting reserves that we establish are reviewed and updated, and adjustments, if deemed necessary, are reflected in the current period. Given the numerous uncertainties inherent in such estimates, our actual claims liabilities for a particular quarter or other period could differ significantly from the amounts estimated and reserved for that quarter or period. Our actual claims liabilities have varied and will continue to vary from our estimates, particularly in times of significant changes in utilization, medical cost trends, and populations and markets served.

Our estimates of IBNP may be inadequate in the future, which would negatively affect our results of operations for the relevant time period. Furthermore, if we are unable to accurately estimate IBNP, our ability to take timely corrective actions may be limited, further exacerbating the extent of the negative impact on our results.

If we are unable to deliver quality care, and maintain good relations with the physicians, hospitals, and other providers with whom we contract, or if we are unable to enter into cost-effective contracts with such providers, our profitability could be adversely affected.

We contract with physicians, hospitals, and other providers as a means to ensure access to healthcare services for our members, to manage medical care costs and utilization, and to better monitor the quality of care being delivered. We compete with other health plans to contract with these providers. We believe providers select plans in which they participate based on criteria including reimbursement rates, timeliness and accuracy of claims payment, potential to deliver new patient volume and/or retain existing patients, effectiveness of resolution of calls and complaints, and other factors. There can be no assurance that we will be able to successfully attract and retain providers to maintain a competitive network in the geographic areas we serve. In addition, in any particular market, providers could refuse to contract with us, demand higher payments, or take other actions which could result in higher medical care costs, disruption to provider access for current members, a decline in our growth rate, or difficulty in meeting regulatory or accreditation requirements. Moreover, in the ordinary course there is natural turnover and change among physician practices, including office moves, practitioner retirements, cessation of practice, practice mergers or additions, and so on. Often we are not made aware of these changes on a timely basis or at all, which makes it highly difficult to maintain fully accurate provider directories at all times. The inaccuracy of our provider directors incidental to such change could subject us to fines, sanctions, lawsuits, or other liabilities.

The Medicaid program generally pays doctors and hospitals at levels well below those of Medicare and private insurance. Large numbers of doctors, therefore, do not accept Medicaid patients. In the face of fiscal pressures, some states may reduce rates paid to providers, which may further discourage participation in the Medicaid program.

In some markets, certain providers, particularly hospitals and some specialists, may have significant market positions or even monopolies.

Some providers that render services to our members are not contracted with our health plans. In those cases, there is no pre-established understanding between the provider and our health plan about the amount of compensation that is due to the provider. If providers claim they are underpaid for their services, they may litigate or arbitrate their dispute with our health plan. State and federal laws intended to prevent or limit “surprise billing,” such as the No Surprises Act, define the compensation that must be paid to out-of-network providers in certain scenarios, and require rate disputes between payors and out-of-network providers to be resolved through independent dispute resolution (“IDR”). There have been lawsuits challenging portions of the No Surprises Act in federal courts, particularly related to the use of the qualifying payment amount in the IDR process, which may result in an increase in rates we must pay to out-of-network providers. Federal agencies have continued to issue guidance regarding the implementation of the No Surprises Act, and we expect the agencies’ interpretations of the law’s requirements will continue to evolve. The impact that federal and state surprise billing laws will have on our business is uncertain and could adversely affect our business, financial condition, cash flows, or results of operations.

We rely on the accuracy of eligibility lists provided by state governments. Inaccuracies in those lists could negatively affect our results of operations.

Premium payments to our health plans are based upon eligibility lists produced by state governments. From time to time, states require us to reimburse them for premiums paid to us based on an eligibility list that a state later

Molina Healthcare, Inc. 2025 Form 10-K | 26

discovers contains individuals who are not in fact eligible for a government sponsored program or are eligible for a different premium category or a different program. Alternatively, a state could fail to pay us for members for whom we are entitled to payment. Our results of operations would be adversely affected as a result of such reimbursement to the state if we make or have made related payments to providers and are unable to recoup such payments from the providers. Further, when a state implements new programs to determine eligibility, establishes new processes to assign or enroll eligible members into health plans, or chooses new subcontractors, there is an increased potential for an unanticipated impact on the overall number of members assigned to managed care health plans. Whenever a state effects an eligibility redetermination for any reason, there is generally an associated reduction in Medicaid membership, which could have an adverse effect on our premium revenues and results of operations.

The insolvency of a delegated provider could obligate us to pay its referral claims, which could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

Many of our primary care physicians and a small portion of our specialists and hospitals are paid on a capitated basis. Under capitation arrangements, we pay a fixed amount per member per month to the provider without regard to the frequency, extent, or nature of the medical services actually furnished. Due to insolvency or other circumstances, such providers may be unable or unwilling to pay claims they have incurred with third parties in connection with referral services provided to our members. The inability or unwillingness of delegated providers to pay referral claims presents us with both immediate financial risk and potential disruption to member care, as well as potential loss of members. Depending on states’ laws, we may be held liable for such unpaid referral claims even though the delegated provider has contractually assumed such risk. Additionally, competitive pressures or practical regulatory considerations may force us to pay such claims even when we have no legal obligation to do so; or we have already paid claims to a delegated provider and such payments cannot be recouped when the delegated provider becomes insolvent. Liabilities incurred or losses suffered as a result of provider insolvency or other circumstances could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

If a state fails to renew its federal waiver application for mandated Medicaid enrollment into managed care or such application is denied, our membership in that state will likely decrease.

States may only mandate Medicaid enrollment into managed care under federal waivers or demonstrations. Waivers and programs under demonstrations are approved for two- to five-year periods and can be renewed on an ongoing basis if the state applies and the waiver request is approved or renewed by CMS. We have no control over this renewal process. If a state in which we operate does not renew its mandated program or the federal government denies the state’s application for renewal, our business would suffer as a result of a likely decrease in membership.

Our business depends on our information and medical management systems, and our inability to effectively integrate, manage, update, and keep secure our information and medical management systems could disrupt our operations.

Our business is dependent on effective and secure information systems, cloud providers and artificial intelligence (“AI”) capabilities that assist us in processing provider claims, monitoring utilization and other cost factors, supporting our medical management techniques, providing data to our regulators, and implementing our data security measures. Our members and providers also depend upon our information systems for enrollment, premium processing, primary care and specialist physician roster access, membership verifications, claims status, provider payments, and other information. If we experience a reduction in the performance, reliability, or availability of our information and medical management systems, our operations, ability to pay claims, ability to produce timely and accurate reports, and ability to maintain proper security measures, could be adversely affected.

We have partnered with third parties to support our information technology systems. This makes our operations vulnerable to adverse effects if such third parties fail to perform adequately. If any licensor or vendor of any technology which is integral to our operations were to become insolvent or otherwise fail to support the technology sufficiently, our operations could be negatively affected. Additionally, our operations are vulnerable to adverse effects if such third parties are unable to perform due to forces outside of their control, such as a natural disaster or serious weather event.

Our encounter data, or the encounter data of the health plans we acquire, may be inaccurate or incomplete, which could have a material adverse effect on our business, financial condition, cash flows, or results of operations, and on our ability to bid for, and continue to participate in, certain programs.

Our contracts require the submission of complete and correct encounter data. The accurate and timely reporting of

Molina Healthcare, Inc. 2025 Form 10-K | 27

encounter data is increasingly important to the success of our programs because more states are using encounter data to determine compliance with performance standards and to set premium rates. We have been, and continue to be, exposed to operating sanctions and financial fines and penalties for noncompliance. In some instances, our government clients have established retroactive requirements for the encounter data we must submit. There also may be periods of time in which we are unable to meet existing requirements. In either case, it may be prohibitively expensive or impossible for us to collect or reconstruct this historical data. Moreover, these same issues may also apply to the health plans we acquire, and we may be required to expend significant costs or pay fines to correct these deficiencies.

In the past, we have experienced challenges in obtaining complete and accurate encounter data due to difficulties with providers and third-party vendors submitting claims in a timely fashion in the proper format, and with state agencies in coordinating such submissions. As states increase their reliance on encounter data, these difficulties could adversely affect the premium rates we receive and how membership is assigned to us, and subject us to financial penalties, which could have a material adverse effect on our business, financial condition, cash flows, or results of operations, and on our ability to bid for, and continue to participate in, certain programs.

As part of our operating efficiencies, we are making appreciable investments in certain AI administrative tools and initiatives to enhance our operations and to save costs. The development and use of AI technologies is still in its early stages. There are risks associated with the development and deployment of AI, and there can be no assurance that the usage of AI will enhance our operations or reduce our operational costs. Our AI-related efforts may give rise to risks related to accuracy, bias, discrimination, intellectual property rights and infringement, data privacy, and cybersecurity, among others. In addition, these risks include the possibility of new, changing, or enhanced governmental or regulatory scrutiny, litigation, other legal liability, ethical concerns, negative consumer perceptions as to automation and AI, or other complications that could adversely affect our business, reputation, or financial results. For instance, the California Privacy Protection Agency’s new regulations under the CCPA regarding the use of automated decision-making went into effect on January 1, 2026. California also enacted seventeen new laws in 2024 that further regulate use of AI technologies and provide consumers with additional protections around companies’ use of AI technologies, such as requiring companies to disclose certain uses of generative AI. Other states are also considering AI-focused legislation, which would require developers and deployers of “high-risk” AI systems to implement certain safeguards against algorithmic discrimination. However, there also continues to be uncertainty regarding the enforceability of such regulations and how they will apply to the development and use of AI technologies. For instance, the federal government may seek to preempt state laws when they seek to govern certain topics, as evidenced by the Trump administration’s “Ensuring a National Policy Framework for Artificial Intelligence” Executive Order signed on December 11, 2025. This order calls for federal standards and legislation that would preempt conflicting state AI regulations and create a federal litigation task force focused on challenging state AI laws in court. The Trump administration may continue to implement new or rescind existing federal orders and/or administrative policies relating to AI technologies. Any such changes at the federal level could require us to expend significant resources to modify our products, services, or operations to ensure compliance or remain competitive. As a result, implementation standards and enforcement practices are likely to remain uncertain for the foreseeable future, and we cannot yet completely determine the impact future laws, regulations, standards, or market perception of their requirements may have on our business and may not always be able to anticipate how to respond to these laws or regulations. Therefore, it is not possible to predict all of the risks and potentially unintended consequences related to the use of AI by vendors, third-party developers, or the Company.

An impairment charge with respect to our recorded goodwill, or our finite-lived intangible assets, could have a material impact on our financial results.

As of December 31, 2025, the carrying amount of goodwill was $1,958 million, and intangible assets, net, were $237 million.

Goodwill represents the excess of the purchase consideration over the fair value of net assets acquired in business combinations. Impairment indicators may include declines, or expected declines, in operating performance or cash-flows, significant losses of membership, state funding, or state contracts, adverse regulatory changes, or other declines in market conditions, such as a decline in the company’s market capitalization. Goodwill is impaired if the carrying amount of a reporting unit exceeds its estimated fair value. This excess is recorded as an impairment loss and adjusted if necessary for the impact of tax-deductible goodwill. The loss recognized may not exceed the total goodwill allocated to the reporting unit.

Molina Healthcare, Inc. 2025 Form 10-K | 28

An event could occur that would cause us to revise our estimates and assumptions used in analyzing the value of our goodwill, and intangible assets, net. For example, if the responsive bid of one or more of our health plans is not successful, we will lose a contract in the applicable state or states and such loss may be an indicator of impairment. If an event or events occur that would cause us to revise our estimates and assumptions used in analyzing the value of our goodwill and other intangible assets, such revision could result in a non-cash impairment charge that could have a material impact on our results of operations in the period in which the impairment occurs.

The value of our investments is influenced by varying economic and market conditions, and a decrease in value may result in a loss charged to income.

We maintain a significant investment portfolio of cash equivalents and short-term and long-term investments in a variety of securities, which are subject to general credit, liquidity, market, and interest rate risks. As a result, we may experience a reduction in value or loss of our investments, which may have a negative adverse effect on our results of operations, liquidity, and financial condition. Changes in the economic environment, including periods of increased volatility in the securities markets and recent increases in inflation and interest rates, can increase the difficulty of assessing investment impairment and increase the risk of potential impairment of these assets. There is continuing risk that declines in the fair value of our investments may occur, and material impairments may be charged to income in future periods, resulting in recognized losses.

RISKS RELATED TO OUR INDUSTRY

Medicaid enrollees continue to be subject to eligibility redeterminations and potential disenrollments on a state by state basis, and the number and health acuity level of Medicaid enrollees we retain may be lower than our current estimates.

Following the end of the COVID-19 public health emergency, we lost approximately 675,000 members due to eligibility redeterminations. Actuarial assumptions related to the health acuity of remaining members may continue to be difficult to predict or may be inaccurate, resulting in inaccurate rates to be paid to health plans. Errors in our estimates related to redeterminations, and actuarial errors related to the acuity of Medicaid members, may impact our business, financial condition, cash flows, or results of operations.

CMS has now ended the MMP program, which programmatic change could impact our premium revenues.

To coordinate care for those who qualify to receive both Medicare and Medicaid services (the “dual eligibles”), under the direction of CMS some states implemented demonstration pilot programs to integrate Medicare and Medicaid services for the dual eligibles. The health plans participating in such demonstrations are referred to as MMPs.

Moreover, many states are now requiring Medicare to be offered by a health plan if that health plan is awarded a Medicaid contract. These new requirements could impact our readiness status or eligibility under certain state Medicaid programs or contracts.

Further, the Star Rating System utilized by CMS to evaluate Medicare plans may have a significant effect on our revenue, as higher-rated plans tend to experience increased enrollment and plans with a Star rating of 4.0 or higher are eligible for quality-based bonus payments. Those Medicare plans that achieve less than a 3.0 Star rating for either part C or D for three consecutive years are issued a notice of non-renewal of their contract for the following year. If we do not maintain our Star ratings above 3.0 or continue to improve our Star ratings, fail to meet or exceed our competitors’ Star ratings, or if quality-based bonus payments are reduced or eliminated, we may experience a negative impact on our revenues and the benefits that our plans can offer, which could materially and adversely affect the marketability of our plans, our membership levels, results of operations, financial condition, or cash flows. Similarly, if we fail to meet or exceed any performance standards imposed by state Medicaid programs in which we participate, we may not receive performance-based bonus payments, we may incur penalties, or we may lose our Medicaid contract which may also result in a loss to our Medicare contract if it is a HIDE or FIDE D-SNP.

We are periodically subject to government audits, including CMS RADV audits of our Medicare D-SNP plans to validate diagnostic data, patient claims, and financial reporting. These audits could result in significant adjustments in payments made to our health plans, particularly if it is an audit which involves extrapolation, which could adversely affect our financial condition and results of operations. If errors are identified during a RADV audit, or it is otherwise determined that we fail to comply with applicable laws and regulations, we could be subject to fines, civil penalties, or other sanctions, which could have a material adverse effect on our ability to participate in these

Molina Healthcare, Inc. 2025 Form 10-K | 29

programs, and on our financial condition, cash flows, or results of operations. In addition, if a D-SNP or MMP plan pays minimum medical loss ratio (“MLR”) rebates for three consecutive years, such plan will become ineligible to enroll new members.

If state regulators do not approve payments of dividends and distributions by our subsidiaries, it may negatively affect our ability to meet our debt service and other obligations.

We are a corporate parent holding company and hold most of our assets in, and conduct most of our operations through, our direct subsidiaries. As a holding company, our results of operations depend on the results of operations of our subsidiaries. Moreover, we are dependent on dividends or other intercompany transfers of funds from our subsidiaries to meet our debt service and other obligations. The ability of our subsidiaries to pay dividends or make other payments or advances to us depends on their operating results and is subject to applicable laws and restrictions contained in agreements governing the debt of such subsidiaries. In addition, our health plan subsidiaries are subject to laws and regulations that limit the amount of ordinary dividends and distributions that they can pay to us without prior approval of, or notification to, state regulators. In general, our health plans must give thirty days’ advance notice and the opportunity to disapprove “extraordinary” dividends to the respective state departments of insurance for amounts that exceed either (a) ten percent of surplus or net worth at the prior year end or (b) the net income for the prior year, depending on the respective state statute. Our health plans generally must provide notice to the applicable state regulator prior to paying a dividend or other distribution to us. Our parent company received $985 million and $997 million in dividends from our regulated health plan subsidiaries during 2025 and 2024, respectively. If the regulators were to deny or significantly restrict our subsidiaries’ requests to pay dividends to us, the funds available to our Company as a whole would be limited, which could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

We are subject to extensive fraud and abuse laws that may give rise to lawsuits and claims against us, the outcome of which may have a material adverse effect on our business, financial condition, cash flows, or results of operations.

Because we receive payments from federal and state governmental agencies, we are subject to various laws commonly referred to as “fraud and abuse” laws, including federal and state anti-kickback statutes, prohibited referrals, and the federal False Claims Act, which permit agencies and enforcement authorities to institute a suit against us for purported violations and, in some cases, to seek treble damages, criminal and civil fines, penalties, and assessments. Violations of these laws can also result in exclusion, debarment, temporary or permanent suspension from participation in government healthcare programs, or the institution of corporate integrity agreements.

Fraud, waste and abuse prohibitions encompass a wide range of operating activities, including kickbacks or other inducements for referral of members or for the coverage of products (such as prescription drugs) by a plan, billing for unnecessary medical services by a provider, up-coding, payments made to excluded providers, improper marketing, and the violation of patient privacy rights. The regulations and contractual requirements applicable to participants in these public-sector programs are complex and subject to change.

The federal government has taken the position that claims presented in violation of the federal anti-kickback statute may be considered a violation of the federal False Claims Act. In addition, under the federal civil monetary penalty statute, the U.S. Department of Health and Human Services’ Office of Inspector General has the authority to impose civil penalties against any person who, among other things, knowingly presents, or causes to be presented, certain false or otherwise improper claims. Qui tam actions under federal and state law are brought by a private individual, known as a relator, on behalf of the government. A relator who brings a successful qui tam lawsuit can receive 15 to 30 percent of the damages the government recovers from the defendants, which damages are trebled under the False Claims Act. Because of these financial inducements offered to plaintiffs, qui tam actions have increased significantly in recent years, causing greater numbers of healthcare companies to incur the costs of having to defend against false claims actions, including the costs associated with responding to exploratory Civil Investigative Demands brought by the government, many of which are spurious and without merit. If we are subject to liability under a qui tam or other actions, our business, financial condition, cash flows, or results of operations could be adversely affected. Even if we are successful in defending qui tam actions against

Molina Healthcare, Inc. 2025 Form 10-K | 30

us, the fact that these actions were filed against us, even if ultimately determined to be without merit, could result in expensive defense costs, and also could have an adverse impact on our reputation and our ability to obtain regulatory approval for acquisitions that we may pursue.

Our use and disclosure of personal information and other non-public information, including protected health information, is subject to federal and state laws, regulations, and requirements relating to the privacy, security, and processing of personal information, and any actual or perceived failure by us or our third-party service providers to comply with those ever-evolving regulations or to adequately secure the information we hold may result in significant liability, negative publicity, and/or an erosion of trust, which could materially adversely affect our business, results of operations, or financial condition.

In connection with running our business, we receive, store, use and otherwise process information that relates to individuals and/or constitutes “personal data,” “personal information,” “personally identifiable information,” or similar terms under applicable data privacy laws (collectively, “Personal Information”), including from and about actual and prospective customers, as well as our employees and business contacts. We also depend on a number of third-party service providers in relation to the operation of our business, a number of which process Personal Information on our behalf. We and our third-party service providers are therefore subject to a variety of federal, state data privacy laws, rules, regulations, industry standards and other requirements, including those that apply generally to the processing of Personal Information, and those that are specific to certain industries, sectors, contexts, or locations. For example, HIPAA, the California Consumer Privacy Act (the “CCPA”), the California Privacy Rights Act (the “CPRA”), and the Gramm-Leach-Bliley Act (“GLBA”), govern the collection, dissemination, transmission, use, privacy, confidentiality, security, availability, and integrity of Personal Information and protected health information (“protected health information” or “PHI”).

Furthermore, depending on the circumstance, we may act as either a covered entity and/or a business associate under HIPAA. HIPAA establishes breach notification obligations and basic privacy and security standards for protection of PHI by certain healthcare providers, health plans, and healthcare clearinghouses, known as covered entities, as well as their business associates that perform certain services that involve creating, receiving, maintaining or transmitting PHI for or on behalf of such covered entities, and their covered subcontractors.

Additionally, under HIPAA, covered entities must notify affected individuals of breaches of unsecured PHI without unreasonable delay following discovery of the breach by a covered entity. Notification also must be made to the U.S. Department of Health and Human Services Office for Civil Rights, or OCR, and, in certain circumstances involving large breaches, to the media. Business associates must report breaches of unsecured PHI to covered entities within 60 days of discovery of the breach by the business associate. We have experienced HIPAA breaches in the past, including breaches affecting over 500 individuals.

Entities that experience HIPAA violations as the result of a breach of unsecured PHI, a complaint about privacy practices or an audit by the HHS may be subject to civil monetary penalties and/or additional reporting and oversight obligations if required to enter into a resolution agreement and corrective action plan with HHS to settle allegations of HIPAA non-compliance. In certain circumstances, entities or individuals may be subject to criminal penalties for HIPAA violations. HIPAA authorizes state Attorneys General to file suit under HIPAA on behalf of state residents. Courts can award damages, costs, and attorneys’ fees related to violations of HIPAA in such cases. While HIPAA does not create a private right of action allowing individuals to sue us in civil court for violations of HIPAA, its standards have been used as the basis for duty of care in state civil suits such as those for negligence or recklessness in the misuse or breach of PHI.

The GLBA regulates, among other things, the use of certain information about individuals (“non-public personal information”) in the context of the provision of financial services, including by banks and other financial institutions. The GLBA includes both a “Privacy Rule,” which imposes obligations on financial institutions relating to the use or disclosure of non-public personal information, and a “Safeguards Rule,” which imposes obligations on financial institutions and, indirectly, their service providers to implement and maintain physical, administrative and technological measures to protect the security of non-public personal financial information. Any failure to comply with the GLBA could result in substantial financial penalties.

Even when HIPAA and the GLBA do not apply, we are still subject to requirements imposed by U.S. states and the federal government. For example, the FTC and state regulators enforce a variety of data privacy and security issues, such as promises made in privacy policies or a company’s data security measures failing to be reasonable and appropriate in light of the sensitivity and volume of consumer information it holds, the size and complexity of its business, and the cost of available tools to improve security and reduce vulnerabilities, which may be deemed as

Molina Healthcare, Inc. 2025 Form 10-K | 31

unfair or deceptive acts or practices in or affecting commerce in violation of the FTC Act or similar state laws. Individually identifiable health information is considered sensitive data that merits stronger safeguards.

In addition, in recent years, certain states have adopted or modified data privacy and security laws and regulations that may apply to our business, including laws that govern the privacy and security of health information in certain circumstances, many of which differ from each other in significant ways, thus complicating compliance efforts. For example, California enacted the CCPA, which became effective on January 1, 2020. The CCPA, among other things, created data privacy obligations for covered companies and provides new privacy rights to California residents, including the right to opt out of certain disclosures of their information. The CCPA also created a private right of action with statutory damages for certain data breaches, thereby potentially increasing risks associated with a data breach.

Even though we believe we and our vendors are generally in compliance with applicable laws, rules and regulations relating to privacy and data security, it is possible that new laws, regulations and other requirements, or amendments to or changes in interpretations of existing laws, regulations and other requirements, may require us to incur significant costs, implement new processes, or change our handling of information and business operations, which could ultimately hinder our ability to grow our business by extracting value from our data assets. In addition, any failure or perceived failure by us to comply with laws, regulations and other requirements relating to the privacy, security and handling of information could result in legal claims or proceedings (including class actions), regulatory investigations or enforcement actions. We could incur significant costs in investigating and defending such claims and, if found liable, pay significant damages or fines or be required to make changes to our business. These proceedings and any subsequent adverse outcomes may subject us to significant negative publicity. If any of these events were to occur, our business, results of operations, and financial condition could be materially adversely affected.

Unforeseen changes in pharmaceutical regulations or market conditions may impact our revenues and adversely affect our results of operations.

Pharmaceutical products and services are a significant component of our healthcare costs. Evolving regulations and state and federal mandates regarding coverage may impact the ability of our health plans to continue to receive existing price discounts on pharmaceutical products for our members. Other factors affecting our pharmaceutical costs include, but are not limited to, the price of pharmaceuticals, geographic variation in utilization of new and existing pharmaceuticals, and changes in discounts. The unpredictable nature of these factors may have a material adverse effect on our business, financial condition, cash flows, or results of operations.

Introduction of new high cost specialty drugs and sudden cost spikes for existing drugs increase the risk that the pharmacy cost assumptions used to develop our capitation rates are not adequate to cover the actual pharmacy costs, which jeopardizes the overall actuarial soundness of our rates. Bearing the high costs of new specialty drugs or the high cost inflation of generic drugs without an appropriate rate adjustment or other reimbursement mechanism would have an adverse impact on our financial condition and results of operations. In addition, evolving regulations and state and federal mandates regarding coverage may impact the ability of our health plans to continue to receive existing price discounts on pharmaceutical products for our members. Other factors affecting our pharmaceutical costs include, but are not limited to, geographic variation in utilization of new and existing pharmaceuticals, changes in discounts, civil investigations, and litigation. Some of our competitors have been subject to substantial sanctions related to allegations of improper transfer pricing practices. The ultimate outcome of these complaints may have an adverse impact on our pharmaceutical costs, or potentially could result in our becoming involved or impleaded into similar or related costly litigation. Although we will continue to work with state Medicaid agencies in an effort to ensure that we receive appropriate and actuarially sound reimbursement for all new drug therapies and pharmaceuticals trends, there can be no assurance that we will be successful in that regard.

Molina Healthcare, Inc. 2025 Form 10-K | 32

Large-scale medical emergencies in one or more states in which we operate our health plans could significantly increase utilization rates and medical costs.

Large-scale medical emergencies can take many forms and be associated with widespread illness or medical conditions. For example, natural disasters, such as a major earthquake or wildfire in California, or a major hurricane affecting Florida, South Carolina, or Texas, could have a significant impact on the health of a large number of our covered members.

In addition, federal and state law enforcement officials have issued warnings about potential terrorist activity involving biological or other weapons of mass destruction. All of these conditions, and others, could have a significant impact on the health of the population of wide-spread areas. If one of the states in which we operate were to experience a large-scale natural disaster, a significant terrorist attack, or some other large-scale event affecting the health of a large number of our members, our covered medical expenses in that state would rise, which could have a material adverse effect on our business, financial condition, cash flows, or results of operations.

We face various risks inherent in the government contracting process that could materially and adversely affect our business and profitability, including periodic routine and non-routine reviews, audits, and investigations by government agencies.

We are subject to various risks inherent in the government contracting process. These risks include routine and non-routine governmental reviews, audits, and investigations, and compliance with government reporting requirements. Violation of the laws, regulations, executive orders or contract provisions governing our operations, or changes in interpretations of those laws, regulations or executive orders, could result in the imposition of civil or criminal penalties, the cancellation of our government contracts, the suspension or revocation of our licenses, the exclusion from participation in government sponsored health programs, or the revision and recoupment of past payments made based on audit findings. If we are unable to correct any noted deficiencies, or become subject to material fines or other sanctions, we could suffer a substantial reduction in profitability, and could also lose one or more of our government contracts. In addition, government receivables are subject to government audit and negotiation, and government contracts are vulnerable to disagreements with the government. The final amounts we ultimately receive under government contracts may be different from the amounts we initially recognize in our financial statements.

Our business is extensively regulated by the federal government and the states in which we operate. The laws and regulations governing our operations are generally intended to benefit and protect health plan members and providers rather than managed care organizations. The government agencies administering these laws and regulations have broad latitude in interpreting and applying them. Changes in the interpretation or application of our contracts could reduce our profitability if we have detrimentally relied on a prior interpretation or application. These laws and regulations, along with the terms of our government contracts, regulate how we do business, what services we offer, and how we interact with our members and the public. For instance, some states mandate minimum medical expense levels as a percentage of premium revenues. These laws and regulations, and their interpretations, are subject to frequent change. The interpretation of certain contract provisions by our governmental regulators at the federal and state level may also change. Changes in existing laws or regulations, or their interpretations, or the enactment of new laws or regulations or executive orders, could reduce our profitability by imposing additional capital requirements, increasing our liability, increasing our administrative and other costs, increasing mandated benefits, forcing us to restructure our relationships with providers, requiring us to implement additional or different programs and systems, or making it more difficult to predict future results. Thus, any significant changes in existing health care laws or regulations could materially impact our business, financial condition, cash flows, or results of operations.

In particular, the OBBBA enacted several provisions that may impact the number of enrollees in health insurance marketplaces and the size of our member population. The law requires states to establish work requirements and conduct more frequent participant eligibility redeterminations, among other modifications. In addition, the OBBBA may have created a negative public perception that Medicaid services may become unavailable or drastically reduced. Although the full impact of the OBBBA is uncertain at this time, these changes are expected to reduce enrollment in state Medicaid programs. The timing and magnitude of the reductions may vary by state depending on how quickly states implement the changes, how states may adapt their future tax and Medicaid funding policies in

Molina Healthcare, Inc. 2025 Form 10-K | 33

response, as well as other macroeconomic factors. In addition, the OBBBA ends the APTCs for individuals who enroll in plans via the special enrollment period with income below 150% of the FPL, prohibiting automatic re-enrollment for tax year 2028, and eliminating APTC eligibility for some formerly covered individuals (such as refugees and other immigrant populations). While we currently estimate that the reduction in enrollment in connection with the OBBBA will be in the range of 15% to 20% by 2029 on 1.2 million members in our Medicaid Expansion population, we cannot predict with certainty the magnitude of the impact on our membership or our business. In addition, the OBBBA also reduces revenues that states can raise through provider taxes to finance their share of Medicaid spending and limits payments to Medicaid providers to 100 percent of the mandated Medicare rate for Expansion states and 110% of the Medicare rate for non-Expansion states. These changes are scheduled to begin in 2028, and we expect they may take 5 to 15 years to be fully implemented. Furthermore, in response to state budget challenges, certain states have implemented spending cuts to Medicaid programs, and there may continue to be proposals that could significantly reduce state spending on their Medicaid programs. The impact of these changes and developments is uncertain and will depend on how states may adapt their future tax and Medicaid funding policies in response.

In the past, the securities and credit markets have experienced extreme volatility and disruption. The availability of credit, from virtually all types of lenders, has at times been restricted.

Similarly, our access to funds may be impaired if regulatory authorities or rating agencies take negative actions against us. If one or any combination of these factors were to occur, our internal sources of liquidity may prove to be insufficient, and in such case, we may not be able to successfully obtain sufficient additional financing on favorable terms, within an acceptable time period, or at all.

We are party to a credit agreement dated as of November 20, 2025 ( the “New Credit Agreement”) which replaced our prior credit Agreement dated as of June 8, 2020 (the “Prior Credit Agreement”), and includes a revolving credit facility (“Credit Facility”) of $1.25 billion, among other provisions. The New Credit Agreement contains customary non-financial and financial covenants, including maintenance of a minimum Interest Coverage Ratio (as defined in the New Credit Agreement) threshold of 3.0 to 1.0, and a maximum Consolidated Total Debt to Capital Ratio (as defined in the New Credit Agreement) of 60%, with a step-up to 65% for four fiscal quarters following a material acquisition or series of related acquisitions (i.e., $500 million or greater cash consideration). On February 4, 2026, we entered into an amendment to the New Credit Agreement (the “First Amendment”) that temporarily reduces the minimum Interest Coverage Ratio threshold to (a) with respect to each fiscal quarter ending March 31, 2026 through and including December 31, 2026, 1.75:1.00, (b) with respect to each fiscal quarter ending March 31, 2027, 2.00:1.00, (c) with respect to fiscal quarter ending June 30, 2027, 2.50:1.00 and (d) with respect to fiscal quarter ending September 30, 2027, 2.75:1.00. These various restrictive covenants could limit our ability to pursue our business strategies.

GENERAL RISK FACTORS

We are dependent on the leadership of our chief executive officer and other executive officers and key employees.

The success of our business and the ability to execute our strategy are highly dependent on the leadership of Mr. Zubretsky, our chief executive officer, and that of our other key executive officers and employees. The loss of their leadership, expertise, and experience could negatively impact our operations. In addition, recently the threat

Molina Healthcare, Inc. 2025 Form 10-K | 34

environment for senior health care executives has worsened considerably, and the need for appropriate security to combat such threats could distract or disrupt senior management from performing their job responsibilities. Our ability to replace our leaders or any other key employee may be difficult and may take an extended period of time because of the limited number of individuals in the healthcare industry who have the breadth and depth of skills and experience necessary to operate and lead a business such as ours. Competition to hire from this limited pool is intense, and we may be unable to hire, train, retain, or motivate these personnel. Adverse changes to our corporate culture or industry perception could harm our business operations and our ability to retain key executive officers and employees. If we are unsuccessful in recruiting, retaining, managing, protecting, and motivating such personnel, our business, financial condition, cash flows, or results of operations could be adversely affected.

We are subject to a variety of legal actions that may affect our business, including but not limited to provider claims, employment related claims, breach of contract actions, Qui Tam or False Claims Act actions, Civil Investigative Demands, class actions of various kind, including securities law class actions, derivative actions, administrative matters before government agencies, tort claims, and intellectual property-related litigation. These actions or proceedings could result in substantial costs to us, require management to spend substantial time focused on litigation, result in negative media attention, and may adversely affect our business, reputation, financial condition, results of operations, or cash flows. If we incur liability materially in excess of the amount for which we have insurance coverage, our profitability would suffer.

Failure to maintain effective internal controls over financial reporting could have a material adverse effect on our business, operating results, and stock price, and could subject us to sanctions by regulatory authorities.

A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the annual or interim financial statements will not be prevented or detected on a timely basis. We have identified material weaknesses in our internal control over financial reporting in the past, which have subsequently been remediated. If additional material weaknesses in our internal control over financial reporting are discovered or occur in the future, the risk of material misstatements in our consolidated financial statements may increase and we could be required to restate our financial results.

Because our corporate headquarters are located in Southern California, our business operations may be disrupted as a result of a major earthquake or wildfire.

Our corporate headquarters are located in Long Beach, California. In addition, some of our health plans’ claims are processed in Long Beach, California. If a major earthquake or wildfire were to strike near our location in Southern California, our corporate functions and claims processing could be impaired for an unforeseen period of time. If there is a major Southern California earthquake or wildfire, there can be no assurances that our disaster recovery plan will be successful or that the business operations of our health plans, including those that are remote from any such event, would not be impacted.

Changes in tax laws or regulations that are applied adversely to us or our customers may materially adversely affect our business, prospects, financial condition and operating results.

New income, sales, use or other tax laws, statutes, rules, regulation or ordinances could be enacted at any time, or interpreted, changed, modified or applied adversely to us or our customers, any of which could adversely affect our business, prospects, financial performance and operating results. In particular, presidential, congressional, state and local elections in the United States could result in significant changes in, and uncertainty with respect to, tax legislation, regulation and government policy directly affecting our business or indirectly affecting us because of impacts on our customers, members, providers, third-party vendors, and service suppliers. For example, the United States government has recently imposed a corporate alternative minimum tax and has, from time to time, proposed and may enact significant changes to the taxation of business entities including, among others, an increase in the corporate income tax rate and surtaxes on certain types of income. The likelihood of these changes being enacted or implemented is unclear. We are currently unable to predict whether such changes will occur and, if so, the ultimate impact on our business.

Molina Healthcare, Inc. 2025 Form 10-K | 35

Item 1C. CYBERSECURITY

CYBERSECURITY RISK MANAGEMENT, GOVERNANCE AND RISK ASSESSMENT

The Company is committed to protecting the confidentiality, integrity, and availability of its information systems and the data they contain from cybersecurity threats. The Company recognizes that cybersecurity is a dynamic and evolving area of risk that requires ongoing assessment, management, and oversight. The Company has established a cybersecurity risk management program (the "Program") that is designed to protect the confidentiality, integrity, and availability of our critical systems and information, including to assess, identify, manage, and mitigate material cybersecurity threats, as well as to respond to and recover from cybersecurity incidents.

CYBERSECURITY RISK MANAGEMENT

We design and assess our Program based on cybersecurity frameworks, such as the National Institute of Standards and Technology Cybersecurity Framework (“NIST CSF”). The Program is integrated into the Company's overall enterprise risk management system and processes, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas. Key elements of our Program, include but are not limited to the following:

•risk assessments designed to help identify material risks from cybersecurity threats to our critical systems and information;

•a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;

•the use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security processes;

•cybersecurity awareness training of our employees, including incident response personnel and senior management;

•a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and

•a third-party risk management process for key service providers based on our assessment of their criticality to our operations and respective risk profile.

The Company undergoes an annual Service Organization Controls (“SOC”) Type 2 attestation report covering the performance of safeguards deployed to protect certain Company systems and applications.

The Program is implemented and managed by the Company’s executive management under the leadership of the CISO. The Company contracts with third-party service providers to support aspects of the Program implementation, operations, and review of information technology operations and cybersecurity technologies. Additionally, the Company has retained a number of well-established and reputable cybersecurity consultants, including forensics experts, auditors, as well as outside cybersecurity legal counsel to assist with cybersecurity matters as needed from time to time.

The Company has a Computer Incident Response Team (“CIRT”) which is responsible for monitoring, preventing, detecting, assisting with the investigation, and responding to cybersecurity threats. The Company has in place an Information Security Incident Response Plan (“IRP”) Protocol which provides an operational framework to coordinate the response to any type of cybersecurity incident affecting the Company. The CIRT team informs the CISO of cybersecurity threats consistent with the IRP. The IRP also provides the process and oversight to manage cybersecurity incidents that may arise from a third-party service provider. In addition, the IRP addresses management responsibility with respect to disclosure determinations related to a cybersecurity incident and provides for Audit Committee and Board briefings as appropriate.

The Company’s cybersecurity policies and procedures are reviewed by the CISO and updated at least annually. In addition, under the IRP, following the resolution of a cybersecurity incident, the Company will generally consider the effectiveness of the Program and the IRP, make adjustments as appropriate, and report to senior management and the Audit Committee as appropriate on these matters. The cybersecurity policies and procedures are communicated

Molina Healthcare, Inc. 2025 Form 10-K | 36

and enforced throughout the Company, as well as with the third-party service providers that have access to the Company's information systems or nonpublic information. Cybersecurity policies and procedures are also subject to periodic review and audits by internal and external parties, such as the internal audit function, external auditors, regulators, or independent assessors. The Company requires employees to undergo cybersecurity-related training, including phishing prevention training, and employees are tested regularly through phishing exercises.

GOVERNANCE

The CISO is primarily responsible for developing, maintaining, and enforcing the Program's policies and procedures, as well as reporting on the Program's performance and material cybersecurity risks to the Audit Committee, and supervising both our internal cybersecurity personnel and our retained external cybersecurity consultants. The CISO has the relevant expertise and authority to carry out the Program's objectives and to coordinate with other key stakeholders within and outside the Company. The CISO’s expertise includes decades of information technology and cybersecurity as a subject matter expert, including more than a decade of executive management experience as a CISO for Fortune 500 companies.

The Program and cybersecurity risk is overseen by the Company’s Board of Directors and has delegated to its Audit Committee which, pursuant to its charter, assists the Board with oversight of Company privacy, data security, and cybersecurity matters and risks, including implementation of the Program. The Audit Committee also discusses with executive management the steps management has taken to monitor and mitigate privacy, data security, and cybersecurity risk exposures, the Company’s information governance policies and programs, and major legislative and regulatory developments that could materially impact the Company’s exposure regarding privacy, data security risk, and cybersecurity. The Audit Committee reports to the full Board regarding its activities, including those related to cybersecurity. The full Board also receives briefings from the Company’s executive management on the Program. Board members receive presentations on cybersecurity topics from our CISO or external experts as part of the Board’s continuing education on topics that impact public companies. Our CISO takes steps to stay informed about and monitor efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, which may include briefings from internal security personnel; threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us; and alerts and reports produced by security tools deployed in our IT environment. The Audit Committee and the Board consider cybersecurity as part of the Company’s business strategy, financial planning, and capital allocation.

CYBERSECURITY RISK ASSESSMENT

Our CISO is primarily responsible for assessing and managing the Company’s material risks from cybersecurity threats. The Company conducts regular risk assessments to identify, evaluate, and prioritize material cybersecurity risks to the Company, including its health plans and state contracts, shared services and IT operations, or business strategy. The risk assessments are informed by various sources of information, such as internal and external audits, vulnerability scans, penetration tests, threat intelligence, incident reports, industry benchmarks, and accepted industry practices. The risk assessments consider the potential impact and likelihood of various cybersecurity threats, such as ransomware, malware, social engineering, third-party incidents, supply chain attacks and insider threats, and contemplates the adequacy of controls to detect, prevent, respond, and recover to reduce the possibility of an adverse material cybersecurity event. The Company has in place processes to identify material risks from cybersecurity threats associated with its use of third-party service providers and as such, conducts assessments of such third-party service providers with respect to their cybersecurity programs and risks and requires third-party service providers to notify the Company if they experienced a cybersecurity incident. The Company hires experienced security professionals to conduct advanced and realistic cybersecurity attack simulations to verify its Program, and conducts regular cybersecurity tabletop exercises with executive management, which are coordinated by a third-party.

We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition.”

Molina Healthcare, Inc. 2025 Form 10-K | 37

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
DIOD	2 hours ago
LEGT	2 hours ago
NTST	2 hours ago
AOS	2 hours ago
EXEL	3 hours ago
HCA	3 hours ago
PEGA	3 hours ago
MOH	3 hours ago
GPRE	3 hours ago
PTEN	3 hours ago
PECO	3 hours ago
ARI	3 hours ago
HIW	3 hours ago
SLAB	3 hours ago
KVYO	3 hours ago
UPST	3 hours ago
TCBI	3 hours ago
ADC	3 hours ago
MEDP	3 hours ago
INCY	3 hours ago
CMI	4 hours ago
CNX	5 hours ago
MAR	5 hours ago
GT	8 hours ago
CMS	8 hours ago
L	11 hours ago
CNA	11 hours ago
MAS	12 hours ago
CURB	12 hours ago
CVS	12 hours ago
ACRE	22 hours ago
T	1 day, 2 hours ago
BE	1 day, 2 hours ago
SIGI	1 day, 2 hours ago
UTL	1 day, 2 hours ago
RXO	1 day, 2 hours ago
APAD	1 day, 2 hours ago
ITT	1 day, 2 hours ago
CLF	1 day, 3 hours ago
VNO	1 day, 3 hours ago
ON	1 day, 3 hours ago
PI	1 day, 3 hours ago
BSAA	1 day, 3 hours ago
ZWS	1 day, 3 hours ago
BRX	1 day, 3 hours ago
KN	1 day, 3 hours ago
MRSH	1 day, 3 hours ago
FCFS	1 day, 3 hours ago
WM	1 day, 3 hours ago
NSC	1 day, 7 hours ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - MOH

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - MOH

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing