UFP Technologies Discloses Cybersecurity Incident Impacting Medical Device Manufacturing
UFP Technologies, a publicly traded medical device manufacturer specializing in surgical tools, wound care, implants, and healthcare wearables, has reported a cybersecurity breach affecting its IT systems. The company, which employs 4,300 people and generates $600 million in annual revenue, detected suspicious activity on February 14 and immediately implemented containment and remediation measures.
In an SEC filing submitted yesterday, UFP confirmed that the threat actor was removed from its systems, though data was stolen or destroyed during the attack. The incident disrupted functions such as billing and label production for customer deliveries but did not fully compromise all IT infrastructure. While the company has restored access to impacted systems, the nature of the attack potentially ransomware or a wiper variant remains unconfirmed, and no ransomware group has claimed responsibility.
UFP stated that it has not yet determined whether personal data was exfiltrated but will notify affected individuals if required by law. Despite the breach, the company asserts that its core operations remain functional and that the incident is unlikely to have a material financial or operational impact. Investigations, supported by external cybersecurity experts, are ongoing.
UFP Technologies cybersecurity rating report: https://www.rankiteo.com/company/ufp-technologies-inc-
"id": "UFP1772065449",
"linkid": "ufp-technologies-inc-",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Medical device manufacturing',
'name': 'UFP Technologies',
'size': '4,300 employees, $600 million annual revenue',
'type': 'Publicly traded company'}],
'data_breach': {'data_exfiltration': 'Potential data theft',
'personally_identifiable_information': 'Not yet determined'},
'date_detected': '2024-02-14',
'description': 'UFP Technologies, a publicly traded medical device '
'manufacturer, reported a cybersecurity breach affecting its '
'IT systems. The company detected suspicious activity on '
'February 14 and implemented containment and remediation '
'measures. Data was stolen or destroyed during the attack, '
'disrupting functions such as billing and label production for '
'customer deliveries.',
'impact': {'data_compromised': 'Data was stolen or destroyed',
'operational_impact': 'Disrupted functions but core operations '
'remain functional',
'systems_affected': ['billing', 'label production']},
'investigation_status': 'Ongoing',
'ransomware': {'data_exfiltration': 'Potential data theft'},
'references': [{'source': 'SEC filing'}],
'regulatory_compliance': {'regulatory_notifications': 'Will notify affected '
'individuals if '
'required by law'},
'response': {'communication_strategy': 'SEC filing submitted',
'containment_measures': 'Implemented immediately after detection',
'incident_response_plan_activated': 'Yes',
'recovery_measures': 'Restored access to impacted systems',
'remediation_measures': 'Threat actor removed from systems',
'third_party_assistance': 'External cybersecurity experts'},
'title': 'UFP Technologies Cybersecurity Incident',
'type': ['ransomware', 'wiper']}