
UFP Technologies, Inc., a leading designer and custom manufacturer of medical devices and sterile packaging, recently experienced a cybersecurity incident impacting its information technology systems. The company detected suspicious activity on Feb. 14, 2026, and began investigating the situation with the help of external cybersecurity experts.
The breach affected many, but not all, of the company’s IT systems. Critical business functions such as billing and label making for customer deliveries were disrupted. Although UFP Technologies’ contingency plans and data backup systems allowed operations to continue in all material respects, the company confirmed that certain company or company-related data was either stolen or destroyed during the incident.
At this time, the company is still investigating the extent of the breach, including whether any sensitive personal information or protected health information was involved. The company has confirmed that some files were exfiltrated, but has not yet determined the specific types of information exposed or the number of individuals affected.
The identity of the party responsible for the breach has not been disclosed, but the company believes the threat actor has been removed from its systems and access to impacted information has been restored.
The breach was disclosed to the U.S. Securities and Exchange Commission.
UFP Technologies is currently evaluating what legal and regulatory notifications or filings may be required as a result of the incident.
As of the latest update, the company has not identified a material impact on its financial systems, operations or financial condition. The company expects that a significant portion of the direct costs related to the incident will be reimbursed through insurance.
For individuals who may be affected, it is important to remain vigilant. Since the investigation is ongoing and the extent of any sensitive information exposure is not yet known, those who have interacted with UFP Technologies should monitor their accounts and communications for unusual activity.
The company will provide additional notifications as required by law if it is determined that personal information was compromised.







