Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Risk Management and Strategy
Strata's cybersecurity risk management processes are integrated into our broader enterprise risk management framework. We have established comprehensive processes for assessing, identifying, and managing material risks from cybersecurity threats, which include regular threat assessments, vulnerability scanning, penetration testing, and continuous monitoring of our information systems and infrastructure.
We engage leading cybersecurity consulting firms and independent third-party assessors to evaluate our security posture, conduct specialized security assessments, and perform regular audits of our cybersecurity controls and practices. These engagements provide external validation of our security measures and help identify areas for improvement.
We maintain formal processes to oversee and identify cybersecurity risks associated with our use of third-party service providers. This includes conducting security assessments of third-party vendors prior to engagement, requiring contractual security obligations, performing ongoing security reviews, and implementing continuous monitoring to identify and mitigate potential cybersecurity risks in our vendor relationships. We require key third-party service providers to maintain appropriate security certifications and comply with our security standards.
The Company maintains multiple layers of safeguards to protect its information systems and data, including technical controls, employee cybersecurity awareness training, incident response procedures and regular exercises, cybersecurity insurance coverage, disaster recovery capabilities, and business continuity plans. We utilize third-party cybersecurity monitoring and threat detection services to identify and respond to potential threats in real-time, helping to minimize potential disruption to our business and operations.
To date, the Company has not experienced any cybersecurity incidents that have materially affected the Company's business strategy, results of operations, or financial condition. While we face cybersecurity threats common to companies in the healthcare services industry, including risks related to ransomware, phishing attempts, and potential unauthorized access to systems containing protected health information, we believe that our cybersecurity risk management processes and controls are adequate to address these threats. Based on our current assessment, we do not believe that risks from cybersecurity threats are reasonably likely to materially affect the Company's business strategy, results of operations, or financial condition. However, cybersecurity threats continue to evolve, and there can be no assurance that future cybersecurity incidents will not have a material adverse effect on our business. For additional discussion of cybersecurity risks, see Item 1A. Risk Factors "—Risks Related to Intellectual Property, Cybersecurity, Information Technology and Data Management Practices" in this Annual Report.
Governance
The Board of Directors has delegated primary responsibility for cybersecurity risk oversight to the Audit Committee, which conducts quarterly reviews of the Company's cybersecurity posture. The Audit Committee receives regular reports from management regarding cybersecurity risks, incidents, and the effectiveness of our cybersecurity program. The full Board is informed about cybersecurity matters through Audit Committee reports and receives updates on material cybersecurity risks and incidents as they arise.
At the management level, the Vice President of Technology has primary responsibility for overseeing the Company's cybersecurity program. They have over 20 years of experience in senior technology leadership roles and oversees IT infrastructure, application development, security compliance, and technology initiatives across the organization. Day-to-day management of our cybersecurity program is led by the Director of Cybersecurity, who reports to the VP of Technology and is responsible for implementing security controls, managing incident response, and coordinating with third-party security providers.
The cybersecurity leadership team meets regularly to review threat intelligence, assess vulnerabilities, evaluate security incidents, and monitor compliance with security policies and procedures. These meetings include review of security metrics, incident reports, remediation status, and emerging threats relevant to the healthcare industry. The VP of Technology and Co-CEO provide regular updates to the Audit Committee on cybersecurity matters, including significant security incidents, changes to the threat landscape, and the status of key security initiatives. This reporting structure ensures that cybersecurity risks and incidents are escalated appropriately and that the Board maintains effective oversight of the Company's cybersecurity program.
|
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | The Company maintains multiple layers of safeguards to protect its information systems and data, including technical controls, employee cybersecurity awareness training, incident response procedures and regular exercises, cybersecurity insurance coverage, disaster recovery capabilities, and business continuity plans. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
The Board of Directors has delegated primary responsibility for cybersecurity risk oversight to the Audit Committee, which conducts quarterly reviews of the Company's cybersecurity posture. The Audit Committee receives regular reports from management regarding cybersecurity risks, incidents, and the effectiveness of our cybersecurity program. The full Board is informed about cybersecurity matters through Audit Committee reports and receives updates on material cybersecurity risks and incidents as they arise.
|
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | At the management level, the Vice President of Technology has primary responsibility for overseeing the Company's cybersecurity program. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] |
At the management level, the Vice President of Technology has primary responsibility for overseeing the Company's cybersecurity program. They have over 20 years of experience in senior technology leadership roles and oversees IT infrastructure, application development, security compliance, and technology initiatives across the organization. Day-to-day management of our cybersecurity program is led by the Director of Cybersecurity, who reports to the VP of Technology and is responsible for implementing security controls, managing incident response, and coordinating with third-party security providers.
|
| Cybersecurity Risk Role of Management [Text Block] |
We engage leading cybersecurity consulting firms and independent third-party assessors to evaluate our security posture, conduct specialized security assessments, and perform regular audits of our cybersecurity controls and practices. These engagements provide external validation of our security measures and help identify areas for improvement.
We maintain formal processes to oversee and identify cybersecurity risks associated with our use of third-party service providers. This includes conducting security assessments of third-party vendors prior to engagement, requiring contractual security obligations, performing ongoing security reviews, and implementing continuous monitoring to identify and mitigate potential cybersecurity risks in our vendor relationships. We require key third-party service providers to maintain appropriate security certifications and comply with our security standards.
The Company maintains multiple layers of safeguards to protect its information systems and data, including technical controls, employee cybersecurity awareness training, incident response procedures and regular exercises, cybersecurity insurance coverage, disaster recovery capabilities, and business continuity plans. We utilize third-party cybersecurity monitoring and threat detection services to identify and respond to potential threats in real-time, helping to minimize potential disruption to our business and operations.
To date, the Company has not experienced any cybersecurity incidents that have materially affected the Company's business strategy, results of operations, or financial condition. While we face cybersecurity threats common to companies in the healthcare services industry, including risks related to ransomware, phishing attempts, and potential unauthorized access to systems containing protected health information, we believe that our cybersecurity risk management processes and controls are adequate to address these threats. Based on our current assessment, we do not believe that risks from cybersecurity threats are reasonably likely to materially affect the Company's business strategy, results of operations, or financial condition. However, cybersecurity threats continue to evolve, and there can be no assurance that future cybersecurity incidents will not have a material adverse effect on our business. For additional discussion of cybersecurity risks, see Item 1A. Risk Factors "—Risks Related to Intellectual Property, Cybersecurity, Information Technology and Data Management Practices" in this Annual Report.
Governance
The Board of Directors has delegated primary responsibility for cybersecurity risk oversight to the Audit Committee, which conducts quarterly reviews of the Company's cybersecurity posture. The Audit Committee receives regular reports from management regarding cybersecurity risks, incidents, and the effectiveness of our cybersecurity program. The full Board is informed about cybersecurity matters through Audit Committee reports and receives updates on material cybersecurity risks and incidents as they arise.
At the management level, the Vice President of Technology has primary responsibility for overseeing the Company's cybersecurity program. They have over 20 years of experience in senior technology leadership roles and oversees IT infrastructure, application development, security compliance, and technology initiatives across the organization. Day-to-day management of our cybersecurity program is led by the Director of Cybersecurity, who reports to the VP of Technology and is responsible for implementing security controls, managing incident response, and coordinating with third-party security providers.
The cybersecurity leadership team meets regularly to review threat intelligence, assess vulnerabilities, evaluate security incidents, and monitor compliance with security policies and procedures. These meetings include review of security metrics, incident reports, remediation status, and emerging threats relevant to the healthcare industry. The VP of Technology and Co-CEO provide regular updates to the Audit Committee on cybersecurity matters, including significant security incidents, changes to the threat landscape, and the status of key security initiatives. This reporting structure ensures that cybersecurity risks and incidents are escalated appropriately and that the Board maintains effective oversight of the Company's cybersecurity program.
|
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | At the management level, the Vice President of Technology has primary responsibility for overseeing the Company's cybersecurity program. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | They have over 20 years of experience in senior technology leadership roles and oversees IT infrastructure, application development, security compliance, and technology initiatives across the organization. |
| Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] |
The Board of Directors has delegated primary responsibility for cybersecurity risk oversight to the Audit Committee, which conducts quarterly reviews of the Company's cybersecurity posture. The Audit Committee receives regular reports from management regarding cybersecurity risks, incidents, and the effectiveness of our cybersecurity program. The full Board is informed about cybersecurity matters through Audit Committee reports and receives updates on material cybersecurity risks and incidents as they arise.
At the management level, the Vice President of Technology has primary responsibility for overseeing the Company's cybersecurity program. They have over 20 years of experience in senior technology leadership roles and oversees IT infrastructure, application development, security compliance, and technology initiatives across the organization. Day-to-day management of our cybersecurity program is led by the Director of Cybersecurity, who reports to the VP of Technology and is responsible for implementing security controls, managing incident response, and coordinating with third-party security providers.
The cybersecurity leadership team meets regularly to review threat intelligence, assess vulnerabilities, evaluate security incidents, and monitor compliance with security policies and procedures. These meetings include review of security metrics, incident reports, remediation status, and emerging threats relevant to the healthcare industry. The VP of Technology and Co-CEO provide regular updates to the Audit Committee on cybersecurity matters, including significant security incidents, changes to the threat landscape, and the status of key security initiatives. This reporting structure ensures that cybersecurity risks and incidents are escalated appropriately and that the Board maintains effective oversight of the Company's cybersecurity program.
|
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |