CPSI 2017 Annual Report

28 networks of our clients. In addition, the other systems with which we may interface, such as the Internet and related systems, may be vulnerable to security breaches, viruses, programming errors or similar disruptive problems. Based on the size of our company, the industry in which we operate, and the overall percentage of impacted companies in the same or similar industry, it is probable there will be attempts to breach our security. Healthcare information has become a prime target for attackers based on the value of the information and, therefore, has the potential to increase the risk of us experiencing a cyber attack. Our systems have experienced various immaterial breaches in the past, including ransomware, denial-of-service, malware, and phishing. Also, our business partners have experienced security breaches, which is disruptive for our customers. While these events have not had an adverse impact on our business or financial condition, security breaches such as these could have a material adverse effect on our financial condition, as, (a) clients could sue us for breaches of security involving our system due to the sensitivity of the medical information we compile and transmit; (b) actual or perceived security breaches in our system could harm the market perception of our products which could cause us to lose existing and prospective clients; and (c) the effect of security breaches and related issues could disrupt our ability to perform certain key business functions and could potentially reduce demand for our products and services. Accordingly, we have expended significant resources toward establishing and enhancing the security of our related infrastructures and we have enhanced our cybersecurity risk management program and disclosure controls and procedures, as discussed under "Business - Our Products and Services." However, no assurance can be given that these efforts will be sufficient to protect against a breach or other cybersecurity incident. Also, maintaining and enhancing our infrastructure security may require us to expend significant capital in the future. New products that we introduce or enhancements to our existing products may contain undetected errors or problems that could affect client satisfaction and cause a decrease in revenues. Highly complex software products such as ours sometimes contain undetected errors or failures when first introduced or when updates and new versions are released. Tests of our products may not detect bugs or errors because it is difficult to simulate our clients’ wide variety of computing environments. Despite extensive testing, from time to time we have discovered defects or errors in our products. Defects or errors discovered in our products could cause delays in product introductions and shipments, result in increased costs and diversion of development resources, require design modifications, decrease market acceptance or client satisfaction with our products, cause a loss of revenue, result in legal actions by our clients and cause increased insurance costs. Most of our facilities are located in an area vulnerable to hurricanes and tropical storms, and the occurrence of a severe hurricane, similar storm or other natural disaster could cause damage to our facilities and equipment, which could require us to cease or limit our operations. A significant portion of our facilities and employees are located within 30 miles of the coast of the Gulf of Mexico. Our facilities are vulnerable to significant damage or destruction from hurricanes and tropical storms. We are also vulnerable to damage from other types of disasters, including tornadoes, fires, floods and similar events. If any disaster were to occur, our ability to conduct business at our facilities could be seriously impaired or completely destroyed. This would have adverse consequences for our clients who depend on us for system support or business management, consulting and managed IT services. Also, the servers of clients who use our remote access services could be damaged or destroyed in any such disaster. This would have potentially devastating consequences to those clients. Although we have an emergency recovery plan, including back-up systems in remote locations, there can be no assurance that this plan will effectively prevent the interruption of our business due to a natural disaster. Furthermore, the insurance we maintain may not be adequate to cover our losses resulting from any natural disaster or other business interruption. Interruptions in our power supply and/or telecommunications capabilities could disrupt our operations, cause us to lose revenues and/or increase our expenses. We currently have backup generators to be used as alternative sources of power in the event of a loss of power to our facilities. If these generators were to fail during any power outage, we would be temporarily unable to continue operations at our facilities. This would have adverse consequences for our clients who depend on us for system support, business management, and managed IT and professional services. Any such interruption in operations at our facilities could damage our reputation, harm our ability to retain existing clients and obtain new clients, and result in lost revenue and increased insurance and other operating costs. We also have clients for whom we store and maintain computer servers containing critical patient and administrative data. Those clients access this data remotely through telecommunications lines. If our power generators fail during any power outage or if our telecommunications lines are severed or impaired for any reason, those clients would be unable to access their mission