Hologic Inc.: 10-K Risk Factor Changes

Increased global cybersecurity vulnerabilities, threats, computer viruses, ransomware and phishing attacks and more sophisticated and targeted cyber-related attacks, as well as cybersecurity failures resulting from human error and technological errors, pose a risk to the security of Hologic and its customers, business partners' and suppliers' products, systems and networks and the confidentiality, availability and integrity of data on these products, systems and networks. As the perpetrators of such attacks become more capable, as cybercrime becomes commoditized, and as critical infrastructure is increasingly becoming digitized, the risks in this area continue to grow. While we attempt to mitigate these risks by employing certain physical, administrative, and technical measures, including, but not limited to, employee training, logical access controls, monitoring and testing, and maintenance of protective systems and contingency plans, we remain potentially vulnerable to additional known or unknown threats, and we cannot assure that the impact from such threats will not be material. In addition to existing risks, flexible work arrangements, the adoption of new technologies and acquisitions of new businesses may also increase our exposure to cybersecurity breaches and failures. We regularly assess external and internal cybersecurity-related risks and identify potential improvements to our cybersecurity program (including its staffing, processes, and technology). When potential improvements are identified, we weigh the costs and benefits of such improvements (including against other potential improvements) and, if selected, the improvements are added to a roadmap for possible implementation. Additionally, we have incurred and expect to continue to incur significant costs implementing additional security measures to protect against existing and emerging cybersecurity threats. We also have access to sensitive, confidential or personal data or information that is subject to privacy and security laws, regulations or customer-imposed controls. Despite our implementation of certain controls to protect our systems and sensitive, confidential or personal data or information, we may be vulnerable to material security breaches, theft, misplaced, lost or corrupted data, employee errors and/or malfeasance (including misappropriation by departing employees) that could potentially lead to the compromising of sensitive, confidential or personal data or information, improper use of our systems, software solutions or networks, unauthorized access, use, disclosure, modification or destruction of information, defective products, production downtimes and operational disruptions. In addition, a cyber-related attack could result in other negative consequences, including damage to our reputation or competitiveness, remediation or increased protection costs, litigation or regulatory action. While we carry cyber liability insurance, such insurance may not cover us with respect to any or all claims or costs associated with such a breach. Although we have experienced occasional cybersecurity incidents and/or attempted breaches of our computer systems, to date we do not believe any of these breaches have had a material effect on our business, operations or reputation. 22 22 22 Table of Contents Table of Contents

Increased global cybersecurity vulnerabilities, threats, computer viruses, ransomware and phishing attacks and more sophisticated and targeted cyber-related attacks, as well as cybersecurity failures resulting from human error and technological errors, pose a risk to the security of Hologic and its customers, business partners' and suppliers' products, systems and networks and the confidentiality, availability and integrity of data on these products, systems and networks. As the perpetrators of such attacks become more capable, as cybercrime becomes commoditized, and as critical infrastructure is increasingly becoming digitized, the risks in this area continue to grow. While we attempt to mitigate these risks by employing a number of measures, including employee training, monitoring and testing, and maintenance of protective systems and contingency plans, we remain potentially vulnerable to additional known or unknown threats, and we cannot assure that the impact from such threats will not 24 24 24 Table of Contents Table of Contents be material. In addition to existing risks, flexible work arrangements, the adoption of new technologies and acquisitions of new businesses may also increase our exposure to cybersecurity breaches and failures. We also have access to sensitive, confidential or personal data or information that is subject to privacy and security laws, regulations or customer-imposed controls. Despite our implementation of controls to protect our systems and sensitive, confidential or personal data or information, we may be vulnerable to material security breaches, theft, misplaced, lost or corrupted data, employee errors and/or malfeasance (including misappropriation by departing employees) that could potentially lead to the compromising of sensitive, confidential or personal data or information, improper use of our systems, software solutions or networks, unauthorized access, use, disclosure, modification or destruction of information, defective products, production downtimes and operational disruptions. In addition, a cyber-related attack could result in other negative consequences, including damage to our reputation or competitiveness, remediation or increased protection costs, litigation or regulatory action. Although we have experienced occasional actual or attempted breaches of our computer systems, to date we do not believe any of these breaches has had a material effect on our business, operations or reputation.

Global supply constraints have and may continue to adversely affect our ability to meet customer demand, and increase our costs to manufacture, transport and warehouse a certain subset of our products. In addition, global supply constraints have resulted in increases to the costs of production of certain of our products that we may not be able to pass on to our customers. We expect these factors will continue to impact us in the future and obtaining alternative sources of raw materials and components could involve significant costs and regulatory challenges and may not be available to us on reasonable terms, if at all. In particular, our ability to manufacture our Breast Health capital equipment products, primarily, but not limited to, our 3D Dimensions systems, Trident specimen radiography systems, Affirm Prone Biopsy systems and Brevera systems, is dependent on the supply of such raw materials and components, including semiconductor chips. If we are unable to obtain sufficient quantities of raw materials and components on commercially reasonable terms or in a timely manner, our ability to manufacture our capital equipment products, in particular, our Breast Health products, on a timely and cost-competitive basis could materially adversely affect our revenues and results of operations and harm our competitive position and reputation.

Global supply constraints and cost impacts as a result of worldwide economic disruptions, electronic component shortages, fear of future or ongoing pandemics, inflation, recessionary conditions and geopolitical events, including the war in Ukraine, are impacting our ability to procure critical raw materials and components, including semiconductor chips, and are adversely affecting our ability to meet customer demand for, and increasing our costs to manufacture, transport and warehouse a certain subset of our products. Obtaining alternative sources of raw materials and components could involve significant costs and regulatory challenges and may not be available to us on reasonable terms, if at all. In particular, our ability to manufacture our Breast Health capital equipment products, primarily, but not limited to, our 3D Dimensions systems, Trident specimen radiography systems, Affirm Prone Biopsy systems and Brevera systems, is dependent on the supply of such raw materials and components, including semiconductor chips. If we remain unable to obtain sufficient quantities of raw materials and components on commercially reasonable terms or in a timely manner, our ability to manufacture our capital equipment products, in particular, our Breast Health products, on a timely and cost-competitive basis could materially adversely affect our revenues and results of operations and harm our competitive position and reputation. 20 20 20 Table of Contents Table of Contents

In most cases, the manufacturing and warehousing of each of our products is concentrated in one or a few locations. In addition, we rely on a single laboratory facility to process each of our Biotheranostics gene expression tests for breast cancer. An interruption in manufacturing, testing capabilities or warehousing at any of these facilities, as a result of equipment failure, transportation interruptions, disruptions caused by strikes or other labor unrest, epidemics or pandemics, natural disaster, 24 24 24 Table of Contents Table of Contents environmental factors or property damage could reduce, delay or prevent the production and distribution of our products. Our facilities and those of our contract manufacturers, suppliers, customers or third parties on which we depend are also subject to the risk of catastrophic loss due to unanticipated events, such as fires, earthquakes, explosions, floods or weather conditions, or other events outside of our control. Our facilities may experience plant shutdowns, strikes or other labor disruptions, or periods of reduced production as a result of equipment failures, loss of power, gray outs, delays in deliveries or extensive damage, which could harm our business and prospects. Some of our manufacturing operations are located outside the U.S., including in Costa Rica and the United Kingdom. Those manufacturing operations are also subject to additional challenges and risks associated with international operations described herein.

In most cases, the manufacturing and warehousing of each of our products is concentrated in one or a few locations. In addition, we rely on a single laboratory facility to process each of our Biotheranostics gene expression tests for breast cancer. An interruption in manufacturing, testing capabilities or warehousing at any of these facilities, as a result of equipment failure, transportation interruptions, disruptions caused by the continued impact of COVID-19, other epidemics or pandemics, natural disaster, environmental factors or property damage could reduce, delay or prevent the production and distribution of our products. Our facilities and those of our contract manufacturers or suppliers are also subject to the risk of catastrophic loss due to unanticipated events, such as fires, earthquakes, explosions, floods or weather conditions. Our facilities may experience plant shutdowns, strikes or other labor disruptions, or periods of reduced production as a result of equipment failures, loss of power, gray outs, delays in deliveries or extensive damage, which could harm our business and prospects. Some of our manufacturing operations are located outside the U.S., including in Costa Rica and the United Kingdom. Those manufacturing operations are also subject to additional challenges and risks associated with international operations described herein.

A significant portion of our indebtedness is subject to floating interest rates, which makes us more vulnerable in the event of adverse economic conditions, increases in prevailing interest rates, or a downturn in our business. As of September 30, 2023, approximately $1.5 billion aggregate principal of our indebtedness, which represented the outstanding principal under our credit facilities, was subject to floating interest rates. We currently have hedging arrangements (interest rate swaps) in place to partially mitigate the impact of higher interest rates. We have an interest rate swap in the notional amount of $1.0 billion expiring on December 17, 2023, and have entered into two consecutive interest rate swaps that will provide us with a continued hedge, in the notional amounts of $500 million, through September 25, 2026, following the expiration of our current interest rate swap. The new interest rate swaps are at higher interest rates than the current swaps. As a result of the lower notional amount and higher interest rates, we expect that we will continue to have exposure to increased interest rates and incur charges for interest at a higher rate, following the expiration of our current interest rate swap on December 17, 2023.

A significant portion of our indebtedness is subject to floating interest rates, which makes us more vulnerable in the event of adverse economic conditions, increases in prevailing interest rates, or a downturn in our business. As of September 24, 2022, approximately $1.5 billion aggregate principal of our indebtedness, which represented the outstanding principal under our credit facilities, was subject to floating interest rates. We currently have a hedging arrangement (an interest rate swap that expires on December 17, 2023) in place to partially mitigate the impact of higher interest rates. We cannot assure that we would be able to extend this hedge at an attractive price and terms.