MEDICAL device maker UFP Technologies disclosed a cybersecurity incident that involved data theft and the disruption of some IT systems, with an IT intrusion detected on 14 February. The company said attackers exfiltrated files and that it is still determining what types of information were compromised, including whether personal data is affected. Its actions included implementing contingency measures and relying on data backups, and operations have continued in all material respects.
Investigators described the incident as a ransomware attack involving both data theft and the deployment of file-encrypting malware, though at the time of writing no ransomware group had taken public credit. The disclosure, filed in an 8-K with the SEC, notes that the incident has not had a material impact and that many containment and investigation costs are expected to be covered by insurance. Written for SecurityWeek by Eduard Kovacs, the report was published on 25 February 2026. According to the SEC, UFP is continuing its review to determine the scope of affected information.