Surmodics, Inc.
| Primary URL | Location | Industry | www[.]surmodics[.]com |
Country
United States of America
|
Healthcare
|
|---|
Profile
Surmodics, Inc. is headquartered in the United States of America and operates under the alias Surmodics. The company is identified as Surmodics, Inc. in its public disclosures regarding the cybersecurity incident. Its primary location in the United States establishes the jurisdictional context for its operations and regulatory obligations.
On June 5, 2025, Surmodics discovered that an unauthorized third party had gained access to its IT systems, leading to the unavailability of some systems and associated data. The company promptly contained the incident by taking the affected systems offline to prevent further compromise. Surmodics activated its established security incident response plan to guide the containment and remediation efforts. Law enforcement agencies were notified immediately following the detection of the breach. External cybersecurity experts were engaged to assist with investigation, mitigation, and recovery activities. With the support of these experts, Surmodics has restored its critical IT systems and validated the integrity of the associated data. Remaining systems are currently undergoing recovery processes to return to full operational status.
Throughout the incident, Surmodics maintained order acceptance and product shipments without material interruption by employing alternative operational methods. To its knowledge, the threat actor has not released any of the accessed data nor used it for fraudulent purposes. The company expects that its cyber insurance policy will cover the majority of the financial costs associated with the incident. Surmodics acknowledges several risks arising from the breach, including concerns about the adequacy of its processes during disruption. Management diversion due to the incident response effort is another identified risk. Potential litigation stemming from the breach represents a further concern. Changes in customer behavior as a result of the incident are possible, and increased regulatory scrutiny may also occur. These factors collectively shape the ongoing impact and outlook for the organization following the cybersecurity event.