LifeOmic Ransomware Protection Assurance

We are proud to offer our customers data storage peace of mind.

You are eligible for the assurance and automatically covered on day one of service if (1) you are an active customer with a paying account on our Precision Health Cloud (“PHC”) platform, (2) you are currently in good standing on all invoices, and (3) you have not elected to opt out of the data redundancy service of the PHC (“Eligible Accounts”).

The Assurance is provided at no extra charge to you. However, you may choose to opt out of this Assurance at any time with a written notice to security@lifeomic.com.

Data that is private to your account only and that is stored on our platform via the PHC is covered for all Eligible Accounts (“Eligible Data”). Any data that is shared across the platform or across multiple accounts is not covered. Any data that you host or store outside of our platform (whether on your own servers or using a third party service such as AWS) is also not covered, even if you leverage the data processing capabilities and/or the APIs of the PHC to perform analysis of the data. Finally, any data that you share or transmit in any manner outside of our platform is not covered.

We work hard to ensure your Eligible Data is protected from unauthorized access, acquisition, modification, or destruction by third parties resulting from any act or omission of LifeOmic that has compromised the security, confidentiality or integrity of such Eligible Data (a “Security Breach”). If a Security Breach incident does occur (other than as a result of your own acts or omissions), LifeOmic assures your Eligible Data is fully recoverable to its original state prior to the Security Breach and the integrity of such Eligible Data will remain fully intact (the “Assurance”).

In the unlikely event and worst case scenario that your Eligible Data becomes unrecoverable or its integrity is irreversibly compromised as a result of a Security Breach, then (1) LifeOmic will be responsible for any financial extortion payment associated with recovering or restoring your Eligible Data to the maximum extent permissible by applicable law, and (2) if your Eligible Data remains unrecoverable or compromised after LifeOmic makes any payment specified in clause (1) (or if your Eligible Data is unrecoverable or compromised due to some Security Breach other than a ransomware event), then LifeOmic will reimburse you for up to one year of PHC service charges. LifeOmic’s obligations under this Assurance are not to exceed one million US dollars ($1,000,000) per customer in the aggregate.

Yes. To be covered by the Assurance, you must adopt LifeOmic’s recommended security practices to protect your data. You must: (1) never share your account access information, including username, password or answers to security questions, with any third parties, except those contractors or service providers who need to know such information in connection with supporting your permitted use of the PHC and who are themselves subject to confidentiality obligations; (2) use a unique username and password for your accounts, in accordance with LifeOmic’s required standards; and (3) use multi-factor authentication (MFA) or multi-step verification whenever possible in connection with accessing your data. For example, if the applicable authentication system being used (such as Google, your own enterprise Single Sign-On (SSO), or directly through the LifeOmic PHC) supports MFA, you must enable MFA and utilize MFA for access.

If a situation warrants a claim under this Assurance, our technology support and security team will proactively reach out to your primary account contact and guide you through the process. You must ensure you have up-to-date contact information on your account. If you suspect your Eligible Data may be subject to a Security Breach, you must immediately (1) change your account password, and (2) notify us in writing at security@lifeomic.com.

You must reasonably cooperate with our investigation into the Security Breach and our efforts to contain and remedy the Security Breach, which means that we may ask you to take follow up actions. For example, we may ask you to have a professional computer security company (selected in our discretion) perform forensic analysis of your computer systems that are involved in the Security Breach, or we may ask you to remove potential malware discovered on your computer hard-drive. We may also ask you to file a police report, provide an affidavit, or sign a release. Your failure to reasonably cooperate in all respects as provided above will void the Assurance.

We also agree to reasonably cooperate with you, at your expense, in any litigation, investigation, or other action that you deem reasonably necessary to protect your rights relating to the use, disclosure, protection and maintenance of any Eligible Data.

LifeOmic’s reimbursement responsibilities under this Assurance are strictly limited to the amounts expressly described herein. For the avoidance of doubt, in no case will LifeOmic be responsible for any (1) taxes, (2) attorneys’ fees, (3) loss of production, business opportunity, revenue or profit, (4) loss, damage, corruption or recovery of data or breach of data or system security except as expressly provided for herein, or (5) any other consequential, incidental, indirect, exemplary, special, enhanced or punitive damages, in each case regardless of whether LifeOmic was advised of the possibility of such losses or damages or such losses or damages were otherwise foreseeable, and notwithstanding the failure of any agreed or other remedy of its essential purpose.

This Assurance is in addition to (and is not intended to replace or supersede) any contractual obligations LifeOmic may have to you under any Business Associate Agreement or other written agreement entered into by you and LifeOmic, and it is in addition to any obligations LifeOmic may have by law under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and related amendments and implementing regulations or otherwise.