UFP Technologies Hit by Cyberattack, Data Theft Confirmed
UFP Technologies, a Massachusetts-based manufacturer of medical devices and components, recently disclosed a cybersecurity incident that compromised its IT systems and resulted in the theft of company data. The incident, detected on February 14, 2026, has impacted billing processes and customer delivery label creation, according to a filing with the U.S. Securities and Exchange Commission (SEC).
Incident Details and Impact
The company, which employs 4,300 people and reported $600 million in annual revenue as of recent data, immediately implemented isolation and remediation measures and engaged external cybersecurity advisors to investigate the breach. Preliminary findings indicate the threat actor has been removed from UFP Technologies’ IT systems, and access to impacted information has been restored. BleepingComputer first reported on the incident.
While the investigation is ongoing, UFP Technologies confirmed that certain company-related data was stolen or destroyed. The nature of the malware used in the attack remains unclear, but the data destruction suggests a potential ransomware or wiper attack. As of February 25, 2026, no ransomware group has publicly claimed responsibility for the attack. SecurityWeek provided initial reporting on the incident.
Data Compromise and Notification
UFP Technologies is currently working to determine the specific types of information compromised and whether personal information was included. The company stated it will notify impacted individuals as required by law if personal data was exfiltrated. GovInfoSecurity highlighted the SEC filing regarding the incident.
Financial and Operational Impact
Despite the cybersecurity incident, UFP Technologies reports that its primary IT systems remain operational and that the incident is unlikely to have a material impact on its operations or financials. The company anticipates that many of the costs associated with containing and investigating the incident will be covered by insurance. CyberWebSpider summarized details from the SEC filing.
Looking Ahead
This incident underscores the growing cybersecurity risks facing the healthcare supply chain and medical device manufacturers. As UFP Technologies continues its investigation and remediation efforts, it serves as a reminder of the importance of robust cybersecurity measures and incident response plans in protecting sensitive data and ensuring operational continuity.