Cyber Incident Victim: Boyce Technologies

On or around August 9, 2020, Boyce Technologies, a manufacturer of FDA-approved ventilators critical to coronavirus response efforts, experienced a ransomware attack conducted by the DoppelPaymer cybercriminal gang. The attackers compromised company systems and exfiltrated sensitive data, including sales and purchase orders, assignment forms, and other operational documents. DoppelPaymer operators publicly claimed responsibility for the intrusion through their dedicated leak blog, where they published samples of the stolen records as proof of the breach. The gang threatened to release the full dataset unless Boyce Technologies paid an unspecified ransom demand. This attack directly threatened the company’s production capacity of 300 ventilators per day during a period of heightened global demand for medical equipment due to the COVID-19 pandemic.

The incident posed significant operational risks given Boyce Technologies’ role in manufacturing life-saving medical devices. While the attackers did not explicitly claim to have encrypted production systems, their theft of critical business documents and threat of data leakage created potential disruptions to supply chain operations and manufacturing workflows. Public exposure of sensitive contracts and procurement details could have compromised relationships with suppliers and healthcare providers. No specific details regarding incident response actions by Boyce Technologies, ransom payment status, or actual production interruptions were disclosed in available public reporting. The DoppelPaymer group’s decision to target a medical equipment manufacturer during a global health crisis highlighted the escalating aggression of ransomware operators against critical infrastructure sectors.