our breach notification obligations, prevent us from accessing critical information, and expose us to liability or other adverse effects to our business.
In the ordinary course of our business, we may collect, process, and store proprietary, confidential, and sensitive information, including personal information (including health information), intellectual property, trade secrets, and proprietary business information owned or controlled by ourselves or other parties. It is critical that we do so in a secure manner to maintain the confidentiality, integrity, and availability of such information. We face several risks relative to protecting this critical information, including loss of access risk, inappropriate use or disclosure, inappropriate modification, and the risk of our being unable to adequately monitor, audit and modify our controls over our critical information. This risk extends to the third party service providers who handle elements of our operations.
We, our partners, our CROs, our CMOs, and other business vendors on which we rely depend on information technology and telecommunication systems for significant elements of our operations, including, for example, systems handling human resources, financial reporting and controls, regulatory compliance and other infrastructure operations. Notwithstanding the implementation of security measures, given the size and complexity of our information technology systems and those of our third party vendors and other contractors and consultants, and the increasing amounts of proprietary, confidential and sensitive information that they maintain, such information technology systems have been subject to and remain vulnerable to breakdown, service interruptions, system malfunction, natural disasters, terrorism, war and telecommunication and electrical failures, as well as security breaches from inadvertent or intentional actions by our personnel, third party vendors, contractors, consultants, business partners, and/or other third parties, or from cyber-attacks by malicious third parties (including the deployment of harmful malware, ransomware, denial-of-service attacks, social engineering, and other means to affect service reliability and threaten the confidentiality, integrity, and availability of information), which may compromise our system infrastructure, or that of our third party vendors and other contractors and consultants, or lead to data leakage. The risk of a security breach or disruption, particularly through accidental actions or omissions by trusted insiders, cyber-attacks or cyber intrusions, including by computer hackers, viruses, foreign governments, and cyber terrorists, has generally increased as the number, intensity, and sophistication of attempted attacks and intrusions from around the world have increased. Additionally, the increased usage of computers operated on home networks due to the shelter-in-place or similar restrictions related to the COVID-19 pandemic may make our systems more susceptible to security breaches. For example, in March 2021, MSK provided notice that MSK was one of many customers impacted by a data breach at Accellion, Inc., which provides a document-sharing system. MSK subsequently notified us that certain documents related to one of our discontinued programs were subject to the breach, which compromise we deemed immaterial. Although we take measures to protect sensitive data from unauthorized access, use or disclosure, we and our third party service providers frequently defend against and respond to cyber-attacks, and our information technology and infrastructure may be vulnerable to attacks by hackers or viruses or breached due to personnel error, malfeasance, or other malicious or inadvertent disruptions. Any such breach or interruption could compromise our networks and the information stored there could be accessed by unauthorized parties, manipulated, publicly disclosed, lost, or stolen.
Failures or significant downtime of our information technology or telecommunication systems or those used by our third party service providers could cause significant interruptions to our operations, including preventing us from conducting tests or research and development activities and preventing us from managing the administrative aspects of our business. For example, the loss of clinical study data from completed, ongoing or planned clinical studies could result in delays in our regulatory approval efforts and significantly increase our costs to recover or reproduce the data. In addition, sophisticated operating system software and applications that we procure from third parties may contain defects in design or manufacture, including vulnerabilities, “bugs” and other problems that could unexpectedly interfere with the operation of our networks, system, or our processing of personal information or other data. To the extent that any disruption or security breach results in a loss of or damage to our data or applications, or inappropriate disclosure of confidential or proprietary information, we could incur liability, the further development of our product candidates could be delayed, and our business could be otherwise adversely affected.
We may not be able to anticipate all types of security threats, and we may not be able to implement preventative measures effective against all such security threats. We also may not be effective in responding to, containing or mitigating the risks of an attack. The techniques used by cyber criminals change frequently, may not be recognized until launched, and can originate from a wide variety of sources, including outside groups such as external service providers, organized crime affiliates, terrorist organizations, hostile foreign governments or agencies, or cybersecurity researchers. To the extent that any disruption or security breach were to result in a loss of, or damage to, our data or applications, or those of our third party vendors and other contractors and consultants, or inappropriate disclosure of confidential or proprietary information, we could incur liability and reputational damage and the further development and commercialization of our products and services could be delayed.
The costs related to significant security breaches or disruptions could be material and could exceed the limits of the cybersecurity insurance we maintain, if any, against such risks. If the information technology systems of our third party vendors and other contractors and consultants become subject to disruptions or security breaches, we may have insufficient recourse