Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2024 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Cybersecurity Risk Management
•Risk Assessment: We regularly conduct comprehensive cybersecurity risk assessments, identifying potential vulnerabilities and threats that could impact the confidentiality, integrity, and availability of our medical devices and associated data.
•Policies and Procedures: InfuSystem has established and maintains cybersecurity policies and procedures that align with industry best practices and regulatory requirements. These policies address areas such as data protection, access control, incident response, and vulnerability management.
•Training and Awareness: We provide ongoing cybersecurity training and awareness programs to our employees and contractors, emphasizing the importance of their role in safeguarding sensitive information and reporting security incidents.
•Use of Third-Parties: InfuSystem works with a third-party Cybersecurity risk partner whose systems ingest information regarding the current state of the Company’s information and technology environment and using specialized algorithms provide assessments of the company’s Cybersecurity risk exposure as well as providing targeted advice to mitigate any risks identified.
•Third-Party Risk Management: InfuSystem evaluates the cybersecurity practices of third-party vendors and suppliers, ensuring that they meet our cybersecurity standards and pose no undue risk to our medical devices and data.
•Incident Response Plan: We maintain a robust incident response plan that outlines the steps to be taken in the event of a cybersecurity incident. This plan includes procedures for reporting incidents, containing threats, and notifying affected parties as required by law.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] |
We recognize the critical importance of cybersecurity in safeguarding sensitive information, maintaining operational integrity, and ensuring the safety and efficacy of our medical devices. Our cybersecurity risk management program, which is based on recognized cybersecurity frameworks established by the National Institute of Standards and Technology ("NIST") and led by our Chief Information Officer (CIO), is fully integrated into our overall enterprise risk management program, and shares
common reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, operational and financial risk areas. We are dedicated to maintaining the highest standards of cybersecurity to protect our customers and stakeholders. We will continue to adapt to evolving threats and regulations to ensure the safety and security of our products and information.
Please see the Item 1A. Risk Factor above entitled "Cybersecurity risks and cyber incidents could adversely affect our business and disrupt operations" for more information regarding cybersecurity incident risks associated with InfuSystem.
|
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
InfuSystem maintains a dedicated cybersecurity governance framework. While senior management is primarily responsible for assessing and managing the Company's exposure to risk, our Board of Directors oversees our ERM, including cybersecurity risk management, and ultimately approves ERM policies and procedures. Our Board conducts much of its risk oversight activities, including cybersecurity risk oversight, through our Audit Committee. Given the ever-increasing volume of cyber threats and the magnitude of a potential breach, cybersecurity is a standing topic for the Board of Directors and Audit Committee.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | Our Board conducts much of its risk oversight activities, including cybersecurity risk oversight, through our Audit Committee. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | CIO has over a decade of executive-level experience managing information systems and cybersecurity programs in the healthcare industry. The CIO serves as an Executive Officer who reports directly to senior management and, at least quarterly, makes reports to the Audit Committee. Senior management reports to the full Board of Directors with respect to cybersecurity matters on at least a quarterly basis. |
| Cybersecurity Risk Role of Management [Text Block] |
InfuSystem is committed to continuous improvement in our cybersecurity risk management practices. In the coming fiscal year, we will focus on:
1.Enhancing our threat detection and monitoring capabilities.
2.Conducting regular tabletop exercises to improve incident response readiness.
3.Staying abreast of emerging threats and adjusting our cybersecurity posture accordingly.
4.Collaborating with industry partners and regulatory authorities to enhance overall cybersecurity resilience in the medical device industry.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | As noted above, our CIO leads our cybersecurity risk management program. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | Our CIO has over a decade of executive-level experience managing information systems and cybersecurity programs in the healthcare industry. The CIO serves as an Executive Officer who reports directly to senior management and, at least quarterly, makes reports to the Audit Committee. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] | The CIO serves as an Executive Officer who reports directly to senior management and, at least quarterly, makes reports to the Audit Committee. Senior management reports to the full Board of Directors with respect to cybersecurity matters on at least a quarterly basis. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |