UFP Technologies discloses data breach after cybersecurity incident

As detailed in Bleeping Computer, UFP Technologies, a prominent American manufacturer of medical devices, has confirmed a significant cybersecurity incident that has compromised its IT systems and sensitive data. The company, which specializes in components for surgical, wound care, implant, and wearable medical applications, detected unauthorized activity on February 14.

The breach impacted various IT systems, affecting functions such as billing and label creation for customer deliveries. While UFP Technologies believes the threat actor has been removed and system access restored, the investigation indicates that some company or company-related data was stolen or potentially destroyed, suggesting a possible ransomware or wiper attack. The company has engaged external cybersecurity experts to aid in the ongoing investigation. At present, no ransomware group has claimed responsibility for the incident.

UFP Technologies is currently assessing whether personal information was exfiltrated and will issue notifications if confirmed, adhering to legal requirements. Despite the breach, the company's primary IT systems remain operational, and it anticipates no material impact on its overall operations or financial performance.

Source: Bleeping Computer