American manufacturer of medical devices, UFP Technologies, has disclosed that a cybersecurity incident has compromised its IT systems and data.

UFP Technologies is a publicly traded medical engineering and manufacturing company that produces a broad range of devices and components used in surgery, wound care, implants, orthopedic applications, and healthcare wearables.

The company employs 4,300 people, has an annual revenue of $600 million, and a market cap of $1.86 billion, according to recent data.

In a filing submitted yesterday with the U.S. Securities and Exchange Commission (SEC), UFP Technologies disclosed that it detected suspicious activity on its IT systems on February 14.

The firm immediately deployed isolation and remediation measures and engaged external cybersecurity advisors to help with the investigation.

Preliminary results of the investigation indicate that the threat has been removed, but the hacker was able to steal data from compromised systems.

“Through the Company’s efforts, the Company believes that the third party responsible for this cybersecurity incident has been removed from the Company’s IT systems, and the Company’s ability to access information impacted by this incident has been restored in all material respects,” reads the SEC filing.

“The incident appears to have impacted many but not all of the Company’s IT systems and affected functions such as billing and label making for customer deliveries. Certain Company or Company-related data appear to have been stolen or destroyed.”

The data destruction note suggests a ransomware or wiper attack, although the nature of the malware remains unclear.

BleepingComputer has contacted UFP Technologies to ask about the attack and whether it involved data encryption/ransom payment demands, but a comment wasn’t immediately available.

At the time of publishing, no ransomware group has publicly claimed the attack on UFP Technologies.

UFP Technologies mentioned that, at this time, it has not determined whether personal information has been exfiltrated. If confirmed at a later time, notifications will be sent to impacted individuals as required by law.

The company stated that, despite the cybersecurity incident, its primary IT systems remain operational. Based on current evidence and assessments, UFP Technologies states it is unlikely that the incident will have a material impact on its operations or financials.