Page last updated on July 2, 2025
SURMODICS INC initially disclosed a cybersecurity incident in an SEC 8-K filing on 2025-07-02 07:00:32 EDT.
Company Summary
SurModics provides a surface modification and in vitro diagnostic technologies to the healthcare industry.
Incident Details
Material: Unknown
Is Breach: TRUE
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)
Compromised Date:
Detected Date: 2024-06-05
Disclosure Date: 2025-07-02
Contained Date: 2024-07-02
Recovered Date:
Attack Goal: Unknown
Costs: No Costs Tracked (yet)
Filings
8-K filed on 2025-07-02
SURMODICS INC filed an 8-K at 2025-07-02 07:00:32 EDT
Accession Number: 0000950170-25-092526
Item 8.01 Other Events.
On June 5, 2025, Surmodics, Inc (the “Company”) discovered that a third party (a “Threat Actor”) had gained unauthorized access to certain of its information technology (“IT”) systems (the “Cyber Incident”) and that certain IT systems and data were unavailable to the Company. The Company promptly initiated containment measures, including proactively taking certain IT systems offline, and implemented its security incident response plan. The Company has notified law enforcement about the matter.
Since discovering the Cyber Incident, the Company has worked with third party IT experts to contain, assess, and remediate the incident. As of the time of filing of this Current Report on Form 8-K (this “Form 8-K”), the Company’s critical IT systems have been restored and IT data is being validated. The Company’s remaining IT systems and data are being restored and validated in accordance with a recovery plan. Throughout the Cyber Incident to date, the Company has been able to accept customer orders and ship products without any material interruption of customer impact using alternatives to its normal IT systems.
The Company continues to analyze the scope and details of the IT data that the Threat Actor accessed. To the Company’s knowledge, the Threat Actor has not released any of the Company’s data, including third party data held by the Company, or used any such data for any fraudulent purposes.
The Company maintains cyber insurance, which it expects to cover much of its expenditures related to the Cyber Incident, subject to the policy’s deductible and customary exclusions. The Company remains subject to various risks due to the Cyber Incident, including the adequacy of processes during the period of disruption of the Company’s IT systems, diversion of management’s attention, potential litigation, changes in customer behavior, and regulatory scrutiny.
Company Information
Name | SURMODICS INC |
CIK | 0000924717 |
SIC Description | Surgical & Medical Instruments & Apparatus |
Ticker | SRDX - Nasdaq |
Website | |
Category | Accelerated filer |
Fiscal Year End | September 29 |