2021 ESG Report Healthy Business Conducting Business with Integrity CVS Health is committed to operating with integrity, transparency, and adherence to our core values. Our strategy to reinvent the health care experience is built upon the trust of the customers, colleagues, investors and business partners who rely on us. Through last year’s continued disruption due to the pandemic, we delivered on our business strategy while maintaining the highest levels of performance and regulatory compliance. Upholding leading Enhancing information We continue to find ways to deter governance practices security threat actors from directly targeting We adapted to ever-changing our customers with phishing emails Our commitment to good external influences that affected pretending to be from CVS Health. governance is tied to a long-held our business, including regulatory corporate strategy that prioritizes changes and new cyber threats. With a recent security enhancement, excellence and accountability. We are making investments in more than 20 million fraudulent In 2021, we worked to maintain smarter and more automated emails were blocked from directly our stringent internal standards, predictive systems to enhance reaching our customers. developed to meet or exceed security. We protected our We continued to build-out our applicable regulations. We COVID-19 response work, securing systems to improve the consumer continuously benchmark our our remote workforce and our experience and enhance security. compliance program against vaccine related systems. We expanded our next generation industry standards and Department authentication capabilities to of Justice guidance, as well as As we accelerated the digital address emerging and evolving evolution of health care, we further safeguard more consumers across risks. We worked diligently to integrated data privacy and additional channels, including guarantee the quality and integrity information security into the design the integration of voice security of our products and to identify and development of our systems, technologies within our call centers. and address human rights and processes and products. We employ other risks associated with our advanced analytics to monitor all our supply chain. information systems and to detect and respond quickly to anomalies. Information on our compliance to Although ransomware continued to governance standards can be found be a threat across the health care in our Code of Conduct. industry in 2021, CVS Health was not materially impacted by such attacks. 37