{"id":7781,"date":"2025-04-30T15:51:45","date_gmt":"2025-04-30T19:51:45","guid":{"rendered":"https:\/\/seci.wpenginepowered.com\/?p=7781"},"modified":"2025-04-30T15:51:51","modified_gmt":"2025-04-30T19:51:51","slug":"an-example-cybersecurity-event-form-8-k","status":"publish","type":"post","link":"https:\/\/seciblog.pli.edu\/index.php\/an-example-cybersecurity-event-form-8-k\/","title":{"rendered":"An Example Cybersecurity Event Form 8-K"},"content":{"rendered":"

On April 12, 2025, Davita, Inc. reported a cybersecurity attack on Form 8-K<\/a>.\u00a0 Interestingly, and appropriately, the company did not report the event on Item 1.05.\u00a0 The instructions for Item 1.05 begin with:<\/p>\n

Item 1.05 Material Cybersecurity Incidents.<\/strong><\/p>\n

(a) If the registrant experiences a cybersecurity incident that is determined by the registrant to be material, describe the material aspects of the nature, scope, and timing of the incident, and the material impact or reasonably likely material impact on the registrant, including its financial condition and results of operations.<\/p>\n

As this instruction clearly states, this Form 8-K Item is for material<\/strong> cybersecurity incidents.\u00a0 That said, many times a company will want to alert investors and others when a cybersecurity incident has occurred, but the company is still in the process of assessing the materiality of the event.\u00a0 On May 21, 2024, CorpFin issued this Statement<\/a> addressing how to report a cybersecurity event before a materiality assessment is complete.\u00a0 In the Statement, CorpFin \u201cencourages\u201d companies to use a different Form 8-K Item, perhaps Item 8.01 or 7.01.<\/p>\n

Davita\u2019s Form 8-K was filed under Item 8.01 and includes this language:<\/p>\n

Item\u20098.01. Other Events.\u00a0<\/strong><\/p>\n

On April\u00a012, 2025, DaVita Inc. (the \u201cCompany\u201d or \u201cwe\u201d) became aware of a ransomware incident that has encrypted certain elements of our network. Upon discovery, we activated our response protocols and implemented containment measures, including proactively isolating impacted systems. We are actively working to assess and remediate the incident with the assistance of third-party cybersecurity professionals and have notified law enforcement of the matter.<\/p>\n

We have implemented our contingency plans, and we continue to provide patient care. However, the incident is impacting some of our operations, and while we have implemented interim measures to allow for the restoration of certain functions, we cannot estimate the duration or extent of the disruption at this time.<\/p>\n

Given the recency of the incident, our investigation and response are ongoing, and the full scope, nature, and potential ultimate impact on the Company are not yet known.<\/p>\n

As a final note, remember that Form 8-K Item 8.01 is filed information and Item 7.01 is only furnished.\u00a0 Careful consideration should be given as to whether a company wants this information to be furnished or filed.<\/p>\n

As always, your thoughts and comments are welcome!<\/p>\n","protected":false},"excerpt":{"rendered":"

On April 12, 2025, Davita, Inc. reported a cybersecurity attack on Form 8-K.\u00a0 Interestingly, and appropriately, the company did not report the event on Item 1.05.\u00a0 The instructions for Item 1.05 begin with: Item 1.05 Material Cybersecurity Incidents. (a) If the registrant experiences a cybersecurity incident that is determined by the registrant to be material, … Continue reading An Example Cybersecurity Event Form 8-K<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_wpas_customize_per_network":false},"categories":[242],"tags":[],"coauthors":[154],"class_list":["post-7781","post","type-post","status-publish","format-standard","hentry","category-reporting"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/posts\/7781","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/comments?post=7781"}],"version-history":[{"count":0,"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/posts\/7781\/revisions"}],"wp:attachment":[{"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/media?parent=7781"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/categories?post=7781"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/tags?post=7781"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/seciblog.pli.edu\/index.php\/wp-json\/wp\/v2\/coauthors?post=7781"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}