UFP Technologies — a Massachusetts-based manufacturer of single-use medical device components, specialty packaging, and protective solutions for healthcare — disclosed a data theft hack to the SEC via an 8-K filing in early 2026. UFP Technologies serves medical device OEMs with foam, fiber, and plastic components for surgical, diagnostic, and protective applications. The SEC disclosure triggered under the December 2023 SEC cybersecurity incident rules that require disclosure of material cybersecurity incidents within 4 business days. The breach involved data theft of proprietary or customer information.