Global Medical REIT (GMRE) Risk Analysis

As of December 31, 2024, approximately 16%, 12%, 9%, 7%, 6%, 6%, and 5% of our total annualized base rent was derived from properties located in Texas, Florida, Ohio, Pennsylvania, Illinois, Arizona and Michigan, respectively. As a result of this geographic concentration, we are particularly exposed to downturns in these states' economies or other changes in local real estate market conditions. Any material changes in the current payment programs or regulatory, economic, environmental or competitive conditions in these states could have an amplified effect on our business, financial condition and results of operations, our ability to make distributions to our stockholders and the trading price of our common and preferred stock than if our properties were more geographically diverse.

Our healthcare facilities often face competition from nearby hospitals and other healthcare facilities that provide comparable services, including urgent care and primary care facilities as well as home healthcare companies. These competitors may have greater geographic coverage, better access to physicians and patients and provide or are perceived to provide higher quality services. From time to time and for reasons beyond our control, managed care organizations may change their lists of preferred hospitals or in-network physicians, which may favor our tenants' competitors. Furthermore, our tenants may lose physicians to their competitors or an increase in telehealth services could reduce the need for healthcare facilities. Any reduction in rental revenues resulting from the inability of our tenants or their associated healthcare delivery systems to compete or due to a reduced need for healthcare facilities generally may have a material adverse effect on our business, financial condition, results of operations, our ability to make distributions to our stockholders and the trading price of our common and preferred stock.

We and our tenants face risks associated with security breaches, whether through cyber-attacks or cyber intrusions over the Internet, malware, computer viruses, attachments to emails, company insiders, or persons with access to our and our tenants' systems, and other significant disruptions of our and our tenants' information technology ("IT") networks and related systems. Also, remote work arrangements may increase the risk of cybersecurity incidents, data breaches or cyber-attacks. The risk of a security breach or disruption, particularly through cyber-attack or cyber-intrusion, including by computer hackers, foreign governments and cyber-terrorists, has generally increased as the number, intensity, and sophistication of attempted attacks and intrusions from around the world have increased. Our and our tenants' IT networks and related systems are essential to the operation of each of our businesses and our and our tenants' ability to perform day-to-day operations (including maintaining confidential patient data). Although we make efforts to maintain the security and integrity of our IT networks and related systems, and we have implemented various measures to manage the risk of a security breach or disruption, there can be no assurance that these security measures will be effective or that attempted security breaches or disruptions would not be successful or damaging. Additionally, our tenants may not have enough risk mitigation measures in place or, even if they do, such measures may not be effective. Even the most well protected information, networks, systems, and facilities remain potentially vulnerable because the techniques used in such attempted security breaches evolve and generally are not recognized until launched against a target, and in some cases are designed not to be detected and may not be detected. Accordingly, we and our tenants may be unable to anticipate these techniques or to implement adequate security barriers or other preventative measures, and it is therefore impossible to entirely mitigate the risk. A security breach or other significant disruption involving our or our tenants' IT networks and related systems could: - Disrupt the proper functioning of our or our tenants' networks and systems and therefore our operations and/or those of our tenants;- Result in the unauthorized access to, and destruction, loss, theft, misappropriation or release of proprietary, confidential, sensitive, or otherwise valuable information about us, our tenants or our tenants' patients, which others could use to compete against us or our tenants or which could expose us or our tenants to regulatory action or damage claims by third-parties;- Result in misstated financial reports, violations of loan covenants, missed reporting deadlines, and/or missed permitting deadlines;- Result in our inability to properly monitor our compliance with the rules and regulations regarding our qualification as a REIT;- Jeopardize the building systems relied upon by our tenants for the efficient use of their leased space;- Require significant management attention and resources to remedy any damages that result;- Subject us or our tenants to claims for breach of contract, damages, credits, penalties, or termination of leases or other agreements; or - Damage our and our tenants' reputations. Any or all the foregoing could have a material adverse effect on our business, financial condition and results of operations, our ability to pay distributions to our stockholders and the trading price of our common and preferred stock. New technologies also continue to develop, including tools that harness generative artificial intelligence and other machine learning techniques (collectively, "AI"). AI is developing at a rapid pace and becoming more accessible. As a result, the use of such new technologies by us or our tenants can present additional known and unknown risks, including, among others, the risk that confidential information may be stolen, misappropriated or disclosed and the risk that we and/or our tenants may rely on incorrect, unclear or biased outputs generated by such technologies, any of which could have an adverse impact on us and our business. See "-Artificial intelligence and other machine learning techniques could increase competitive, operational, legal and regulatory risks to our business in ways that we cannot predict."

The use of AI by us and others, and the overall adoption of AI throughout society, may exacerbate or create new and unpredictable competitive, operational, legal and regulatory risks to our business. There is substantial uncertainty about the extent to which AI will result in dramatic changes throughout the world, and we may not be able to anticipate, prevent, mitigate or remediate all of the potential risks, challenges or impacts of such changes. These changes could potentially disrupt, among other things, our business model, investment strategies and operational processes. Some of our competitors may be more successful than us in the development and implementation of new technologies, including services and platforms based on AI, to improve their operations. If we are unable to adequately advance our capabilities in these areas or do so at a slower pace than others in our industry, we may be at a competitive disadvantage. If the data we, or third parties whose services we rely on, use in connection with the possible development or deployment of AI is incomplete, inadequate or biased in some way, the performance of our business could suffer. In addition, recent technological advances in AI both present opportunities and pose risks to us. Data in technology that uses AI may contain a degree of inaccuracy and error, which could result in flawed algorithms in various models used in our business. The volume and reliance on data and algorithms also make AI more susceptible to cybersecurity threats, including data poisoning and the compromise of underlying models, training data or other intellectual property. Our personnel or the personnel of our service providers could, without being known to us, improperly utilize AI and machine learning-technology while carrying out their responsibilities. This could reduce the effectiveness of AI technologies and adversely impact us and our operations to the extent that we rely on the AI's work product. There is also a risk that AI may be misused or misappropriated by third parties we engage. For example, a user may input confidential information, including material non-public information or personally identifiable information, into AI applications, resulting in the information becoming a part of a dataset that is accessible by third-party technology applications and users, including our competitors. Further, we may not be able to control how third-party AI that we choose to use is developed or maintained, or how data we input is used or disclosed. The misuse or misappropriation of our data could have an adverse impact on our reputation and could subject us to legal and regulatory investigations or actions or create competitive risk. In addition, the use of AI by us or others may require compliance with legal or regulatory frameworks that are not fully developed or tested, and we may face litigation and regulatory actions related to our use of AI. There has been increased scrutiny, including from global regulators, regarding the use of "big data," diligence of data sets and oversight of data vendors. Our ability to use data to gain insights into and manage our business may be limited in the future by regulatory scrutiny and legal developments.