The US company UFP Technologies has recognized an incident of cybersecurity that affected its computer systems and some information stored in them. UFP, listed in stock exchange and specialized in engineering and manufacturing medical devices and components for surgery, wound care, implants, orthopaedic applications and health-dressing technologies, reported the event to the US regulator in a public document.
To place it: it is a company with thousands of employees and a relevant activity in the health supply chain. According to recent data, UFP has about 4,300 employees, an invoice of about $600 million a year and its market capitalization exceeds $1.8 billion according to PitchBook. This size makes any incident a sensitive issue, both because of the possible operational impact and the regulatory and trust implications with suppliers and customers.
The company's own notice to the regulator explains that the suspicious activity was detected on February 14 and that the reaction was immediate: systems were isolated, mediation measures were applied and external experts were hired to investigate. Preliminary investigation indicates that unauthorized access was removed, but also that information theft from compromised systems occurred, according to the public report deposited at the Securities and Exchange Commission (SEC) of the United States in the ESA.
In the same document the company notes that the incident affected "many, but not all" their systems and that there was impact on specific functions such as billing and the generation of labels for delivery to customers, which can complicate logistical and administrative processes. In addition, it is noted that certain data "appear to have been stolen or destroyed," an observation which, by its nature, points to the possibility that it is a Ransomware attack or a malware with a wiper capacity, although UFP has not publicly confirmed the exact type of malicious software involved.
Specialized media have tried to collect statements from the UFP itself to clarify whether there were data encryption or rescue demands, without a final response at the time of publication. No public claims by a group of Ransomware regarding this incident have been detected at this time. To date the company has not determined whether personal information was exfiltered; if confirmed, it will provide the notifications required by law explains the communication to the SEC.
It is important to stress that UFP ensures that its primary computer systems remain operational and that, with the data available so far, the incident is unlikely to have a material impact on its operations or financial results. This initial assessment seeks to minimize the alarm, but the changing nature of these intrusions requires caution: forensic investigations and subsequent findings may reveal additional affections.
From a sectoral perspective, any attack on companies providing medical devices raises additional concerns. The health sector is subject to specific regulatory requirements on cybersecurity and data protection, and agencies such as the Food and Drug Administration (FDA) have stressed the importance of managing cyber risks in medical devices and health systems according to the FDA. At the same time, national authorities and cybersecurity agencies have guides and alerts on the tactics and techniques that criminals use to steal data and encryption systems; for example, the Cybersecurity and Infrastructure Security Agency (CISA) maintains resources on ransomware and mitigation measures. on your portal.
The case of UFP recalls several lessons that today are essential for companies of all sizes: to have proven incident response plans, to segment networks, to keep backup copies off-line and with clear retention policies, and to maintain robust communication channels with customers, suppliers and regulators. It also highlights the need for transparency and speed in public communications in the case of listed companies, as there are specific reporting obligations to the ESA on cyber incidents and risks that are materially relevant to investors.
Beyond the company concerned, such events reinforce a reality that is no longer theoretical: cybersecurity conditions the operational continuity of critical supply chains and confidence in sensitive sectors such as health. While researchers remove forensic analysis and companies strengthen their defenses, patients, customers and partners must closely monitor official notifications and demand clarity about any risk on personal data or product and service integrity.
We will follow the evolution of the case and update with any new public information, including forensic findings, confirmations of the nature of malware and additional communications from UFP or actors involved. For those who want to consult the original source of the communication, the notice submitted to the SEC is available online Here. and for general context on Ransomware-type attacks, the information of CISA is available. Here., while the FDA provides specific guidance on cybersecurity in medical devices Here..
Safety alert Drug critical vulnerability of SQL injection in PostgreSQL requires immediate update
Drucal has published safety updates for a vulnerability qualified as "highly critical" which affects Drumal Core and allows an attacker to achieve arbitrary SQL injection in sit...
18-year-old Ukrainian youth leads a network of infostealers that violated 28,000 accounts and left $250,000 in losses
The Ukrainian authorities, in coordination with US agents. They have focused on an operation of infostealer which, according to the Ukrainian Cyber Police, was allegedly adminis...
The digital signature is in check: Microsoft dismands a service that turned malware into apparently legitimate software
Microsoft announced the disarticulation of a "malware-signing-as-a-service" operation that exploited its device signature system to convert malicious code into seemingly legitim...
A single GitHub workflow token opened the door to the software supply chain
A single GitHub workflow token failed in the rotation and opened the door. This is the central conclusion of the incident in Grafana Labs following the recent wave of malicious ...
WebWorm 2025: the malware that is hidden in Discord and Microsoft Graphh to evade detection
The latest observations by cyber security researchers point to a change in worrying tactics of an actor linked to China known as WebWorm: in 2025 it has incorporated back doors ...
Identity is no longer enough: continuous verification of the device for real-time security
Identity remains the backbone of many security architectures, but today that column is cracking under new pressures: advanced phishing, real-time proxyan authentication kits and...
The dark matter of identity is changing the rules of corporate security
The Identity Gap: Snapshot 2026 report published by Orchid Security puts numbers to a dangerous trend: the "dark matter" of identity - accounts and credentials that are neither ...