Medical device manufacturer UFP Technologies on Tuesday disclosed a cybersecurity incident that involved the theft of files and the disruption of some IT systems.
UFP Technologies is a Massachusetts-based contract manufacturer and designer of custom-engineered solutions, specializing in medical devices, sterile packaging, and highly specialized components for healthcare and other industries.
The company revealed in an 8-K filing with the SEC that it detected an IT systems intrusion on February 14.
The incident has disrupted many systems, including those used for billing and the creation of customer delivery labels.
“Certain Company or Company-related data appear to have been stolen or destroyed,” UFP said. “As a result of the Company’s contingency plans and data backup systems, the Company implemented planned solutions for the issues posed by the incident. The Company’s operations have continued since the detection of the cybersecurity incident in all material respects.”
Its investigation found that attackers exfiltrated files, but UFP is still working to determine what types of information have been compromised and whether it includes personal information.
The company said the cyberattack has not had a material impact and expects many of the costs for containing and investigating the incident to be covered by insurance.
UFP’s brief description of the incident indicates that the company has been targeted in a ransomware attack that involved both data theft and the deployment of file-encrypting malware.
However, at the time of writing no known ransomware group appears to have taken credit for an attack on UFP.
Related: US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach
Related: Mississippi Hospital System Closes All Clinics After Ransomware Attack
Related: Wynn Resorts Confirms Data Breach After Hackers Remove It From Leak Site
