When dealing with a cybersecurity incident response, nonprofit healthcare systems have different constituents to consider. Patients and staff who risk having personal information exposed or procedures postponed are the most important, but bondholders of a system’s debt also will want to know about the incident. The Securities and Exchange Commission recently updated its Compliance and Disclosure Interpretations related to cybersecurity incidents for public reporting companies. Read on to learn more about how this guidance, which is not binding on nonprofit healthcare systems that issue bonds, still provides helpful insights.