UFP Technologies, a U.S.-based medical device manufacturer, has revealed that a recent cybersecurity incident compromised parts of its IT systems and led to data theft.
The publicly traded company, which designs and manufactures devices used in surgery, wound care, implants, orthopedic treatments, and healthcare wearables, disclosed the incident in a filing with the U.S. Securities and Exchange Commission. UFP Technologies employs about 4,300 people and reports annual revenue of 600 million dollars, with a market capitalization of 1.86 billion dollars.
According to the filing, the company detected suspicious activity on its IT systems on February 14. It quickly implemented isolation and remediation measures and brought in external cybersecurity experts to investigate the breach.
Preliminary findings suggest that the threat actor has been removed from the company’s systems and that access to affected information has largely been restored. However, the investigation found that the attacker was able to steal data from compromised systems.
In its SEC filing, UFP Technologies said the incident affected many, but not all, of its IT systems. Disruptions were reported in areas such as billing and label printing for customer deliveries. The company also stated that certain company or company-related data may have been stolen or destroyed.
The mention of data destruction raises the possibility of a ransomware or wiper attack, although the exact type of malware involved has not been confirmed. As of now, no ransomware group has publicly claimed responsibility for the breach.
UFP Technologies said it has not yet determined whether personal information was accessed or exfiltrated. If it later confirms that personal data was affected, the company said it will notify impacted individuals in accordance with legal requirements.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Despite the breach, UFP Technologies stated that its primary IT systems remain operational. Based on its current assessment, the company does not expect the cybersecurity incident to have a material impact on its overall operations or financial performance.
