A ransomware group called Payouts King today took credit for a February 2026 cyber attack on UFP Technologies.
UFP first disclosed the data breach in an 8-K filing with the US Securities and Exchange Commission in which it said an unauthorized third-party stole files and disrupted billing and label making.
Payouts King now says it stole 620 GB from UFP.
UFP has not acknowledged Payouts King’s claim and Comparitech cannot independently verify it. We do not know what data was compromised, how attackers breached UFP, if UFP paid a ransom, or how much Payouts King demanded. Comparitech contacted UFP Technologies for comment and will update this article if it replies.
“On or about February 14, 2026, UFP Technologies, Inc. (the ‘Company’) detected suspicious activity involving its information technology (‘IT’) systems,” says UFP’s SEC filing.
“The incident appears to have impacted many but not all of the Company’s IT systems and affected functions such as billing and label making for customer deliveries. Certain Company or Company-related data appear to have been stolen or destroyed.”
Who is Payouts King?
Payouts King is a ransomware group that emerged in Summer 2025. The group says it is not ransomware-as-a-service, which means it does not sell its services to affiliates. Instead, it operates independently, launches its own attacks, and collects its own ransoms. Its malware both steals data and encrypts target systems.
The group has claimed responsibility for 56 ransomware attacks in total, 12 of which were confirmed by the targeted organizations.
Payouts King mainly targets manufacturers and healthcare companies. Some of the breaches for which its taken credit include:
- Gateway Community Services (USA) warned 34,498 people of an April 2025 data breach
- Crenshaw Community Hospital (USA) reported a June 2025 data breach
- Bär Cargolift (Germany) reported a November 2025 data breach
- Chemirol (Poland) reported a November 2025 data breach
- V. FRAAS (Germany) reported a January 2026 data breach
Ransomware attacks on US healthcare businesses
Comparitech researchers recorded 31 confirmed ransomware attacks on US healthcare businesses that don’t provide direct care, such as pharmaceutical companies, medical software developers, medical billing companies, and medical device makers.
Some recent such attacks include:
- TriMed warned patients of a September 2025 data breach claimed by Lynx
- Catalyst RCM notified about 140,000 patients of a November 2025 data breach claimed by Everest
- Resource Corporation of America warned patients of a December 2025 data breach claimed by Medusa
- Humana notified patients of an August 2025 data breach claimed by Clop
We’ve logged two more confirmed attacks on US healthcare businesses in 2026 to date.
Ransomware attacks on healthcare businesses can both lock down computer systems and steal data. These attacks often compromise data belonging to the business’ clients, such as patient data from hospitals and clinics. They can cripple critical systems and endanger the health, privacy, and security of patients. Targeted companies must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk.
Companies like UFP operating in the healthcare sector have become a key target for hackers because they handle a large amount of personal data and deal with several third-party clients.
About UFP Technologies
UFP Technologies is an American medical device manufacturer specializing in sterile packaging ad single-use medical components. It also makes products for clients in the automotive, aerospace, electronics, and industrial markets. UFP employs about 3,300 people, according to external sources.
