Common use of Cybersecurity and Data Protection Clause in Contracts

Cybersecurity and Data Protection. The Company and the Subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, the “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and the Subsidiaries as currently conducted, and to the knowledge of the Company and the Subsidiaries free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and the Subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (the “Personal Data”)) used in connection with their businesses, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that would not have a Material Adverse Event or have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same that the Company believes, in good faith, are reasonably likely to constitute a Material Adverse Event. The Company and the Subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification. The statements disclosed and materials used as the basis of information contained in the Registration Statement, the Pricing Disclosure Package and the Prospectus relating to the cybersecurity review of the Company and its Subsidiaries and other cybersecurity and data privacy related matters in the sections headed “Prospectus Summary,” “Risk Factors,” and “Regulation” are complete, true and accurate in all material respects and in light of the circumstances under which they were made, not misleading.

Cybersecurity and Data Protection. The (A) To the knowledge of the Company, there has been no security breach or incident, unauthorized access or disclosure, or other compromise of or relating to the Company and the Subsidiaries’ information technology assets and equipment, computers, computer systems, networks, hardware, software, websites, applications, data and databases (including the data and information of its patients, customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company, and any such data processed or stored by third parties on behalf of the Company), equipment or technology (collectively, the “IT SystemsSystems and Data”); (B) are adequate forthe Company has not been notified of, and operate has no knowledge of any event or condition that could result in, any security breach or incident, unauthorized access or disclosure of or other compromise to its IT Systems and perform in all material respects as required in connection with the operation of the business of Data; and (C) the Company and the Subsidiaries as currently conducted, and to the knowledge of the Company and the Subsidiaries free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and the Subsidiaries have has implemented and maintained commercially reasonable appropriate controls, policies, procedures, and technological safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy redundancy, disaster recovery and security of all its IT Systems and Data reasonably consistent with industry standards and practices, or as required by applicable data (including all personalprotection laws, personally identifiablehealthcare laws and regulatory standards. The IT Systems and Data are adequate and operational for, sensitive, confidential or regulated data (the “Personal Data”)) used in connection accordance with their businessesdocumentation and functional specifications, and there have been no breaches, violations, outages or unauthorized uses the business of or accesses to same, except for those that would not have a Material Adverse Event or have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same that the Company believesas now operated by it and as currently proposed to be operated as described in the Registration Statement, in good faith, are reasonably likely to constitute a Material Adverse Eventthe General Disclosure Package and the Prospectus. The Company and the Subsidiaries are presently is in compliance in all material compliance respects with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of the IT Systems and Personal Data Data, including the collection, use, transfer, processing, disposal, disclosure, handling, storage and to analysis of personally identifiable information, protected health information, consumer information and other confidential information of the Company and any third parties in their possession (“Sensitive Company Data”), and the protection of such IT Systems and Personal Data and Sensitive Company Data from unauthorized use, access, misappropriation or modification. The statements disclosed and materials used as Company has taken reasonable steps necessary to maintain the basis of information contained in the Registration Statement, the Pricing Disclosure Package and the Prospectus relating to the cybersecurity review confidentiality of the Sensitive Company and Data. The Company has not received any written notice, claim, complaint, demand or letter from any Person or Governmental Entity in respect of its Subsidiaries and other cybersecurity business under applicable data security and data privacy related matters in protection laws and regulations and industry standards regarding misuse, loss, unauthorized destruction or unauthorized disclosure of any Sensitive Company Data. To the sections headed “Prospectus Summary,” “Risk Factors,” and “Regulation” are complete, true and accurate in all material respects and in light knowledge of the circumstances under which they were madeCompany, there has been no unauthorized or illegal use of or access to any Sensitive Company Data by any third party. The Company has not misleadingbeen required to notify any individual, Governmental Entity or data protection authority of any information security breach, compromise or incident involving Sensitive Company Data and are not the subject of any inquiry or investigation by any Governmental Entity or data protection authority regarding any of the foregoing.