Opening incident

Loading disclosure

Pulling the filing, breach taxonomy, and impact scoring…

Duke

Blog Incident database Request access

Loading database

Indexing incidents

Fetching SEC-disclosed cyber incidents and Duke's breach taxonomy…

Duke

Blog Incident database Request access

Opening incident

Loading disclosure

Pulling the filing, breach taxonomy, and impact scoring…

OraSure Technologies, Inc. Unknown (2024) | SEC Cybersecurity Incident | Duke Security

Duke

Blog Incident database Request access

← Back to incidents

Incident · Unknown

OraSure Technologies, Inc. · OSUR

Health CareUSAIncident March 27, 2024Filed April 12, 2024

Impact score

Business continuity

—

Insurance involved

Not disclosed

Filing

8-K · 1.05

Breach taxonomy

UnknownData ExfilConfidential BizPersonal DataInfo Privacy Loss

Summary

On or about March 27, 2024, OraSure Technologies became aware of a cybersecurity incident in which an unauthorized third party gained access to company data from certain information systems and exfiltrated certain files. The company initiated response protocols with cybersecurity experts and external counsel, notified law enforcement, and believes the incident has been contained with core financial and operational systems preserved. The extent of any personal information in the exfiltrated files was still under investigation at the time of filing.

Tagging rationale

ThreatUnknown

Filing does not attribute the incident to any specific threat actor → UNKNOWN.

MethodsData Exfil

Filing explicitly states the unauthorized third party gained access to company data and exfiltrated certain files.

Assets

Confidential Biz

Personal Data

Filing confirms certain files were exfiltrated from OraSure's information systems, with the company still investigating whether personal information was included.

EffectsInfo Privacy Loss

File exfiltration with potential personal information exposure constitutes information privacy loss; core financial and operational systems were preserved with no operational disruption.

Impact

Data exfiltration at a medical diagnostics company with potential personal information exposure; core systems preserved and no operational disruption, but scope of exfiltration not yet determined.

InsuranceNot disclosed

Filing makes no mention of insurance.

Read the original SEC filing excerpt

Item 1.05 Material Cybersecurity Incidents. On or about March 27, 2024, OraSure Technologies, Inc. became aware of a cybersecurity incident in which an unauthorized third party gained access to Company data from certain information systems. Following detection of the incident, the Company initiated response protocols, commenced an investigation with the assistance of cybersecurity experts and external counsel, and notified law enforcement. The Company believes it has contained the incident and believes it has preserved the integrity of its core financial and operational systems. Although the Company ascertained that certain files were exfiltrated, it is still investigating the extent of any sensitive information contained within the accessed systems, including any personal information. It is evaluating what, if any, regulatory and legal notifications are required as a result of this incident and will make such notifications as required based on its findings. As of the date hereof, the incident has not had a material impact on the Company's operations, financial systems, or its financial condition.

View SEC filing Back to database

Get alerts on new incidents

Drop your email and we’ll let you know when fresh SEC disclosures land in the database. No spam.

More in Health Care

Unknown · May 4, 2026

West Pharmaceutical Services, Inc.

West Pharmaceutical Services detected a network intrusion on May 4, 2026 and on May 7, 2026 determined it to be a material cybersecurity inc…

Unknown · April 1, 2026

Medtronic plc

Medtronic disclosed via a Reg FD (Item 7.01) press release dated April 24, 2026 that an unauthorized party accessed data in certain corporat…

Unknown · March 16, 2026

CareCloud, Inc.

On March 16, 2026, CareCloud experienced a network disruption in its CareCloud Health division caused by an unauthorized third party that te…

Unknown · March 11, 2026

Stryker Corporation

On March 11, 2026, Stryker Corporation identified a cybersecurity incident affecting its Entra ID/Active Directory environment, servers, and…