Cybersecurity Risk Management and Strategy Disclosure |
12 Months Ended |
|---|---|
Dec. 31, 2025 | |
| Cybersecurity Risk Management, Strategy, and Governance [Line Items] | |
| Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block] |
Cybersecurity Risk Management, Governance and Risk Assessment
The Company is committed to protecting the confidentiality, integrity, and availability of its information systems and the data they contain from cybersecurity threats. The Company recognizes that cybersecurity is a dynamic and evolving area of risk that requires ongoing assessment, management, and oversight. The Company intends to establish a cybersecurity program (the "Program") that will be designed to assess, identify, manage, and mitigate material cybersecurity threats, as well as to respond to and recover from cybersecurity incidents.
Cybersecurity Risk Management
The Program will be based on the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework (“CSF”), NIST Special Publication 800-53, and the Payment Card Industry standards, as applicable, and designed to comply with applicable laws and regulations, including HIPAA and the New York Department of Financial Services Cybersecurity Regulation, as applicable. This does not imply that we will meet any particular technical standards, specifications, or requirements. The Program will be aligned with the Company's overall enterprise risk management system and processes and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, and financial risk areas. Control procedures are assessed regularly to confirm their effectiveness.
The Company will designate a Chief Information Security Officer (the “CISO”). The Program will be implemented and managed by the Company’s executive management under the leadership of the CISO. The Company will contract with third-party service providers to support aspects of the Program implementation, operations, and review of information technology operations and cybersecurity technologies.
The Company’s cybersecurity policies and procedures will be reviewed by the CISO and updated at least annually and will include an incident response plan (“IRP”) for detecting, responding to and limiting the effects of a cyber security event. In addition, under the IRP, following the resolution of a cybersecurity incident, the Company will generally consider the effectiveness of the Program and the IRP, make adjustments as appropriate, and report to senior management and the Audit Committee as appropriate on these matters. Cybersecurity policies and procedures will also be subject to periodic review and audits by internal and external parties, such as the internal audit function, external auditors, regulators, or independent assessors. The Company will require employees to undergo cybersecurity-related training, including phishing prevention training, and employees are tested regularly through phishing exercises. |
| Cybersecurity Risk Management Processes Integrated [Flag] | true |
| Cybersecurity Risk Management Processes Integrated [Text Block] | The Company is committed to protecting the confidentiality, integrity, and availability of its information systems and the data they contain from cybersecurity threats. The Company recognizes that cybersecurity is a dynamic and evolving area of risk that requires ongoing assessment, management, and oversight. The Company intends to establish a cybersecurity program (the "Program") that will be designed to assess, identify, manage, and mitigate material cybersecurity threats, as well as to respond to and recover from cybersecurity incidents. |
| Cybersecurity Risk Management Third Party Engaged [Flag] | true |
| Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] | true |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] | false |
| Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] | The CISO will be responsible for assessing and managing the Company’s material risks from cybersecurity threats. The Company will conduct regular risk assessments to identify, evaluate, and prioritize material cybersecurity risks to the Company, including its health plans and state contracts, shared services and IT operations, or business strategy. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. |
| Cybersecurity Risk Board of Directors Oversight [Text Block] |
Governance
The CISO will be responsible for developing, maintaining, and enforcing the Program's policies and procedures, as well as reporting on the Program's performance and material cybersecurity risks to the Audit Committee. The CISO will have the relevant expertise and authority to carry out the Program's objectives and to coordinate with other key stakeholders within and outside the Company. The Program will be overseen by the Company’s Board of Directors.
Cybersecurity Risk Assessment
The CISO will be responsible for assessing and managing the Company’s material risks from cybersecurity threats. The Company will conduct regular risk assessments to identify, evaluate, and prioritize material cybersecurity risks to the Company, including its health plans and state contracts, shared services and IT operations, or business strategy. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. |
| Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] | The CISO will be responsible for developing, maintaining, and enforcing the Program's policies and procedures, as well as reporting on the Program's performance and material cybersecurity risks to the Audit Committee. The CISO will have the relevant expertise and authority to carry out the Program's objectives and to coordinate with other key stakeholders within and outside the Company. The Program will be overseen by the Company’s Board of Directors. |
| Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] | The CISO will be responsible for developing, maintaining, and enforcing the Program's policies and procedures, as well as reporting on the Program's performance and material cybersecurity risks to the Audit Committee. The CISO will have the relevant expertise and authority to carry out the Program's objectives and to coordinate with other key stakeholders within and outside the Company. The Program will be overseen by the Company’s Board of Directors. |
| Cybersecurity Risk Role of Management [Text Block] | The CISO will be responsible for developing, maintaining, and enforcing the Program's policies and procedures, as well as reporting on the Program's performance and material cybersecurity risks to the Audit Committee. The CISO will have the relevant expertise and authority to carry out the Program's objectives and to coordinate with other key stakeholders within and outside the Company. The Program will be overseen by the Company’s Board of Directors. |
| Cybersecurity Risk Management Positions or Committees Responsible [Flag] | true |
| Cybersecurity Risk Management Positions or Committees Responsible [Text Block] | The CISO will be responsible for developing, maintaining, and enforcing the Program's policies and procedures, as well as reporting on the Program's performance and material cybersecurity risks to the Audit Committee. The CISO will have the relevant expertise and authority to carry out the Program's objectives and to coordinate with other key stakeholders within and outside the Company. The Program will be overseen by the Company’s Board of Directors. |
| Cybersecurity Risk Management Expertise of Management Responsible [Text Block] | The CISO will be responsible for developing, maintaining, and enforcing the Program's policies and procedures, as well as reporting on the Program's performance and material cybersecurity risks to the Audit Committee. The CISO will have the relevant expertise and authority to carry out the Program's objectives and to coordinate with other key stakeholders within and outside the Company. The Program will be overseen by the Company’s Board of Directors. |
| Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] | true |