LivaNova (LIVN) Risk Analysis

LivaNova designs, develops, manufactures, markets, and sells medical devices that pose product liability risks. Component failures, manufacturing defects, software errors, design flaws or inadequate disclosure of product-related risks or product or use-related information, or physician misuse with respect to these or other products the Company manufactures or sells could result in an unsafe condition for, injury to, or death of a patient. Such an event could result in product liability claims or a recall of, or safety alert relating to, one or more of LivaNova's products. For example, as described in "Note 11. Commitments and Contingencies" in LivaNova's consolidated financial statements included in this Report, the Company is involved in product liability litigation relating to its cardiopulmonary 3T Heater-Cooler product that has adversely affected LivaNova's financial condition and has required the Company to devote significant resources to its defense and/or settlement of these claims. Any such product liability claims, whether unsubstantiated or not, could negatively affect LivaNova's reputation, business, results of operations, cash flows, and financial condition. LivaNova holds global insurance policies to cover a portion of future potential product liability losses and has elected to self- insure with respect to a significant portion of the Company's product liability risks. Any product liability claims, regardless of their ultimate outcome, could have a material adverse effect on the Company's ability to attract and retain customers for its products, and future losses from product liability claims could exceed LivaNova's product liability insurance coverage and lead to a material adverse effect on the Company's financial condition and liquidity. In addition, future unanticipated large liability claims may raise substantial doubt about LivaNova's ability to continue as a going concern.

There is a heightened focus on issues relating to sustainability, including environmental stewardship, social responsibility, and corporate governance matters. Increasing attention on sustainability issues related to LivaNova's business requires continuous monitoring of various and evolving laws, regulations, standards, and expectations and the associated reporting requirements. For example, in 2023, the CSRD entered into force. Broadly, CSRD amends and strengthens the rules introduced on sustainability reporting for companies, banks and insurance companies under the NFRD and will require a much broader range of in-scope companies to publicly report on their impact on sustainability matters as well as how sustainability matters affect their own development, performance and position in accordance with the ESRS. To the extent LivaNova is in scope of the reporting requirements under CSRD, the Company will be required to provide such information with its management report. This will involve implementing processes to gather the relevant data, conduct materiality assessments, and prepare a CSRD-compliant report, which will likely be a time-consuming and costly exercise, and in the event that LivaNova's disclosures prove incorrect, the Company may incur liabilities. When producing a CSRD report, LivaNova may be required to obtain an assurance opinion with respect to the information in the report. To the extent an adverse or qualified assurance conclusion is reached with respect to LivaNova's report, the Company's reputation may be impacted, and investors could lose confidence in the accuracy and completeness of its sustainability disclosures. Subject to the specific circumstances of an adverse or qualified conclusion, LivaNova may also be subject to sanctions set by EU Member States. Further, there are ongoing consultations that may result in further changes or amendments to CSRD. No final proposals have yet been set out, but this process could lead to significant changes to the CSRD regime. It is unclear as to how any such future changes could impact LivaNova. Furthermore, if LivaNova's sustainability initiatives fail to satisfy investors, customers, or other stakeholders, the Company's reputation, its ability to sell products and services to customers, and its attractiveness as an investment, business partner, or acquirer could be negatively impacted. Similarly, LivaNova's failure, or perceived failure, to fulfill its sustainability goals or to satisfy various reporting standards could also have a similar negative impact on the Company's reputation, business, and results of operations. Environmental regulations continue to become more stringent, and LivaNova may experience increased compliance burdens and costs to meet its regulatory obligations, as well as adverse impacts on raw material sourcing, manufacturing operations, and the distribution of LivaNova's products. Additionally, certain environmental laws assess liability on current, prior, and/or related owners or operators of real property for the costs of investigation, removal, or remediation of hazardous substances on their properties or at properties on which they have disposed of hazardous substances. For example, LivaNova's Saluggia campus contains hazardous substances as a result of nuclear installations built in 1960 under previous ownership, and the Italian government has stated that LivaNova will eventually be responsible for dismantling the nuclear installation on Company property, as well as delivering the aforementioned waste to a national repository. It is also possible that a governmental authority may seek to hold LivaNova liable for successor liability violations committed by any companies in which LivaNova invests or acquires. For example, LivaNova is currently in litigation with the government in Italy stemming from a civil action where the Court of Appeal declared LivaNova (formed through a merger with Sorin) liable for environmental liabilities incurred by SNIA's (a former parent company of Sorin) other subsidiaries. See "Note 11. Commitments and Contingencies" in LivaNova's consolidated financial statements included in this Report for additional information regarding these two matters. LivaNova's business, results of operations, cash flows, financial condition, and liquidity could be materially adversely affected by a negative decision in the case of SNIA and could be adversely affected by an increase in anticipated costs relating to disposal of hazardous waste in Saluggia. Private parties could also bring personal injury or other claims due to the presence of, or exposure to, hazardous substances. In addition, LivaNova's operations involve the use of substances regulated under environmental laws, including for purposes of sterilization. Regulations require sterilization of LivaNova's products, and the Company operates, for example, a sterilization facility in Colorado allowing the Company to sterilize certain of its products in-house. The EPA and certain states have begun scrutinizing the levels of community exposure to EtO, which is used in the sterilization process. Certain medical device operating facilities have been designated as "elevated risk" facilities based on emission levels of EtO. LivaNova is not on the "elevated risk" list, nor is it in violation of any current local or federal regulations. However, to the extent LivaNova or its contract sterilizers are unable to sterilize LivaNova's products, whether due to regulatory, legislative, or other constraints, including on the use of EtO, LivaNova may be unable to transition to alternative internal or external resources or methods in a timely or cost-effective manner or at all, which could have a material impact on LivaNova's results of operations and financial condition.

LivaNova purchases many of the components and raw materials used in manufacturing its products from numerous suppliers in various countries. In some cases, LivaNova purchases specific components and raw materials from primary or main suppliers (or in some cases, a single or sole supplier) for reasons related to quality assurance, cost-effectiveness, and availability. Although the Company has generally been able to maintain necessary supplies of raw materials and components, supplier shortages and interruptions of certain components, such as PC-coated PMP fiber used in the manufacture of oxygenators, have caused, and may in the future cause, meaningful disruptions to LivaNova's product manufacturing supply chain. Any problem affecting a supplier (whether due to external or internal causes) could have, and in certain instances, has had, a negative impact on LivaNova. Difficulties and delays in manufacturing, internally, externally, or otherwise within the supply chain, may lead to voluntary or involuntary business interruptions or shutdowns, employee furloughs, product shortages, withdrawals or suspensions of products from the market, and potential regulatory action. Moreover, due to strict standards and regulations governing the manufacture and marketing of LivaNova's products, the Company may not be able to locate new supply sources quickly or at all in response to a supply reduction or interruption, especially for components and raw materials sourced by a single or sole supplier, resulting in negative effects on its ability to meet market demand and to manufacture products effectively and timely. To the extent the Company is unsuccessful in managing its supply chain, any such issues could have a material adverse effect on LivaNova's business, results of operations, cash flows, and financial condition.

There is significant regulatory enforcement focus on data protection in the U.S. (at both federal and state levels) and abroad, and an actual or alleged failure to comply with applicable U.S. or international data protection laws or regulations or other data protection standards may expose LivaNova to regulatory investigations, litigation (including class action litigation), fines, sanctions, settlement costs, or other penalties and liabilities, which could harm the Company's reputation and adversely impact LivaNova's business, results of operations, cash flows, and financial condition. The Company collects, stores, and handles personnel and patient data, including sensitive patient health information, which may present material obligations and risks to LivaNova's business, including significantly expanded compliance burdens, costs, and enforcement risks. If LivaNova does not lawfully collect, store, handle, or otherwise process personal information and does not prevent cybersecurity incidents or other system or data compromises, particularly given the increased risks associated with processing sensitive health information, LivaNova may suffer legal and regulatory consequences in addition to business consequences. See "Cybersecurity incidents or other disruptions to LivaNova's information technology systems could lead to reduced revenue, increased costs, liability claims, regulatory fines, litigation, harm to LivaNova's competitive position, and loss of reputation." above. As a result of its worldwide operations, the Company is subject to various data protection and cybersecurity laws and regulations in many jurisdictions, including HIPAA, U.S. state privacy and data breach notification laws, and the GDPR. Other governments have enacted or amended or are enacting similar data protection laws, including data localization laws that require data to stay within their borders and other technical and operational adaptions that may be required given the rapid changes in data protection regulation where LivaNova conducts business. The enactment of such laws could have potentially conflicting requirements that would make compliance challenging. LivaNova's efforts to comply with applicable laws and regulations may be inadequate, and the Company may be unable to avoid enforcement actions by governmental bodies. Enforcement actions may be costly and could interrupt the regular operations of LivaNova's business. Moreover, LivaNova's insurance coverage may be insufficient to cover all losses in connection with alleged non-compliance with applicable data protection laws and regulations. In addition, in the U.S., there is a trend of civil lawsuits and class actions relating to compromises of personal information caused by cybersecurity incidents or other system or data compromises, which typically allege negligence, breach of contract, and violation of various state consumer protection laws. LivaNova USA, Inc., for example, was named as a defendant in six putative class actions arising out of the November 2023 cybersecurity incident, which were consolidated into a single action that has been settled. The Company also has received inquiries from HHS's Office for Civil Rights, U.S. state regulators, and international data protection authorities regarding the 2023 incident. In connection with any potential future cybersecurity incident, the Company similarly could become a target of civil litigation or government enforcement actions as a result of a compromise to or loss of data.

LivaNova relies on a combination of patents, trade secrets, and non-disclosure agreements to protect the Company's proprietary intellectual property. While LivaNova intends to defend against any threats to the Company's intellectual property, any litigation to counter the infringement, misappropriation, or unauthorized use of LivaNova's intellectual property may require the expenditure of significant financial and managerial resources, which may adversely affect LivaNova's business, results of operations, cash flows, and financial condition. Additionally, LivaNova's patents, trade secrets, or other agreements may not prevent competitors from independently developing or selling similar products and services and may not adequately deter misappropriation or improper use of the Company's technology. Further, pending patent applications may not result in patents being issued to LivaNova. Patents issued to or licensed by LivaNova in the past or in the future may be challenged or circumvented by competitors, and such patents may be found invalid, unenforceable, or insufficiently broad to protect the Company's technology, and may limit LivaNova's competitive advantage. Third parties could obtain patents that may require LivaNova to negotiate licenses to conduct business, and the required licenses may not be available on reasonable terms or at all. LivaNova also relies on non-disclosure and non-competition agreements with certain employees, consultants, and other parties to protect, in part, trade secrets and other proprietary rights. LivaNova cannot be certain that these agreements will not be breached, that the Company will have adequate remedies for any breach, that others will not independently develop substantially equivalent proprietary information, or that third parties will not otherwise gain access to LivaNova's trade secrets or proprietary knowledge. Further, new proposed regulations in the U.S. would prohibit certain competition agreements. These proposed regulations have been successfully litigated in lower courts, but appeals are pending, and the outcome of those cases remains uncertain. If regulations become effective as proposed and enforced, LivaNova may not be able to rely on agreements with certain of the Company's employees or other parties. LivaNova operates in an industry characterized by extensive patent litigation and has been, and is, subject to patent claims from time to time. While LivaNova intends to defend against any third-party intellectual property threats, intellectual property litigation is inherently complex and unpredictable. Such litigation can result in significant damage awards and injunctions that could prevent LivaNova's manufacture and sale of affected products or require the Company to pay significant royalties in order to continue to manufacture or sell affected products. In addition, the laws and intellectual property systems of certain countries in which LivaNova markets some of its products do not protect the Company's intellectual property rights to the same extent as in the U.S., which may impact its market position in those countries. LivaNova could also face competition in countries where the Company has not invested in an intellectual property portfolio, or where the Company has not invested in the same protection as in the U.S. If the Company is unable to protect LivaNova's intellectual property in those countries, it could have a material adverse effect on LivaNova's reputation, business, results of operations, cash flows, and financial condition.

LivaNova is increasingly dependent on its information technology systems and those of third parties to operate its business, and certain products of the Company include integrated software and information technology. Such dependencies have been exacerbated by remote work practices. LivaNova relies on information technology systems to collect and process customer orders, manage product manufacturing and shipping, and support regulatory compliance. The Company routinely processes, stores, and transmits large amounts of data, including sensitive personal information, patient health information, and confidential business information. The secure processing, maintenance, and transmission of this information are critical to LivaNova's operations. The quantity and complexity of the Company's products and information technology systems make such systems vulnerable to cybersecurity incidents, breakdowns, interruptions, destruction, loss or compromise of data, obsolescence of or incompatibility among systems, or other significant disruptions. The Company has experienced and is continually at risk of being subject to cybersecurity incidents and other disruptions. Programs and systems may require frequent updates or may no longer be supported, which may impact the ability of the Company's information technology systems to operate properly or without disruption. Unauthorized persons routinely attempt to access LivaNova's systems to disrupt, disable, or degrade services; obtain proprietary or confidential information; or remotely disrupt or access the systems of large healthcare provider customers of the Company by attempting to exploit the Company's systems. Furthermore, LivaNova's security assessments of third-party vendors may be inadequate to determine whether their security protocols are sufficient to prevent a cybersecurity incident or other system or data compromise. LivaNova also cannot be certain that the Company will receive timely notification by its third-party vendors of such matters. Cybersecurity incidents and other system and data compromises could remain undetected for an extended period, which could potentially result in significant harm to the Company's information technology systems, as well as unauthorized access to, or acquisition of, the information stored on and/or transmitted by the Company's information technology systems. In addition, to access LivaNova's products and services, its customers may use computers and other devices that are beyond the Company's security control safeguards. Unauthorized disclosure or use of, denial of access to, or other incidents involving sensitive or confidential customer, patient, employee, vendor or Company data, whether through systems failure, employee negligence, fraud, misappropriation, cybersecurity incidents, or other intentional or unintentional acts, could expose and have exposed the Company to liability under various laws and regulations across jurisdictions and increase the risk of litigation and governmental or regulatory investigation, damage LivaNova's reputation and its competitive positioning in the marketplace, disrupt its or its customers' business operations, or cause LivaNova to lose customers, potentially resulting in significant financial exposure and legal liability. Similarly, unauthorized access to or through, denial of access to, or other incidents involving LivaNova or its vendors' information systems, whether by the Company's employees or third parties, including a cyber-attack by criminal hackers, or state-sponsored organizations, who continuously develop and deploy viruses, ransomware, malware, or other malicious software programs or social engineering attacks, have resulted and could in the future result in negative publicity, significant remediation costs, legal liability, notification requirements, and damage to LivaNova's reputation, which could have a material adverse effect on the Company's business, results of operations, cash flows, and financial condition. Cybersecurity threats are constantly expanding and evolving, becoming increasingly sophisticated and complex, increasing the difficulty of detecting and defending against them and maintaining effective security measures and protocols. Additionally, artificial intelligence and machine learning may be used for certain cybersecurity incidents, improving or expanding the existing capabilities of threat actors in manners the Company cannot predict at this time, resulting in greater risk of cybersecurity incidents. Even when a cybersecurity incident or other system or data compromise is detected, the full extent of the issue may not be determined immediately. The costs to the Company to mitigate cybersecurity incidents or other system or data compromises could be significant, and, while the Company has implemented security measures to protect its information technology systems and data, its efforts to address potential information security vulnerabilities may not be successful. LivaNova's cyber risk insurance may be insufficient to cover losses in connection with a cybersecurity incident or other system or data compromise, such as attorney's fees, regulatory fines, litigation costs, or financial losses that exceed the Company's policy limits or are not covered under any of its current insurance policies. Cyber risk insurance also has become more expensive to obtain, and LivaNova cannot be certain that the Company's current levels of insurance will be available in the future on economically reasonable terms. As previously disclosed, in November 2023, LivaNova detected a cybersecurity incident that resulted in a disruption of portions of the Company's information technology systems. Promptly after detecting the issue, LivaNova began an investigation with assistance from external cybersecurity experts and coordinated with law enforcement. The Company implemented remediation measures to mitigate the impact of the incident. The Company also assessed the nature and scope of the affected data, analyzed its statutory notification obligations, and notified affected individuals and regulators as required by applicable law. The incident has been contained, and the Company's mitigation efforts are considered complete, but any future cybersecurity event has the potential to materially affect its results of operations, cash flows, and financial condition.

LivaNova operates in a highly competitive market characterized by increasingly complex products that are expensive and time- consuming to develop and manufacture. In the product lines in which LivaNova competes, the Company faces a mixture of competitors ranging from large manufacturers with multiple business lines to small manufacturers that offer a limited selection of specialized products. Development by other companies of new or improved products, processes, therapies, or technologies, including products developed with the effective use of advanced technologies like artificial intelligence, may make LivaNova's products or proposed products less competitive. The Company's failure to adopt or integrate such advanced technologies may hinder product innovation, increase costs, and impact its competitiveness and operational efficiency. In addition, LivaNova faces competition from providers of alternative medical therapies, pharmaceuticals, and surgical interventions, among others. Competitive factors include product quality, reliability and performance; product technology and innovation; breadth of product lines and product services; ability to identify new market trends; changes to the regulatory environment; cost-effectiveness and price; customer support and training; capacity to recruit engineers, scientists, and other qualified employees; ability to navigate the regulatory approval process in the markets in which LivaNova operates; reimbursement approval; reimbursement coverage; and effectiveness of systems and processes. Additionally, academic institutions, governmental agencies, and other public and private research organizations may also conduct research, seek patent protection, and establish collaborative arrangements for discovery, research, clinical development, and marketing of products similar to LivaNova's products. Difficulties in any of these areas may have a material adverse effect on LivaNova's business, results of operations, cash flows, and financial condition.