← Back to incidents

Incident · Unknown

OraSure Technologies, Inc. · OSUR

Health CareUSAIncident March 27, 2024Filed April 12, 2024
Impact score
Business continuity
Insurance involved
Not disclosed
Filing
8-K · 1.05

Breach taxonomy

UnknownData ExfilConfidential BizPersonal DataInfo Privacy Loss

Summary

On or about March 27, 2024, OraSure Technologies became aware of a cybersecurity incident in which an unauthorized third party gained access to company data from certain information systems and exfiltrated certain files. The company initiated response protocols with cybersecurity experts and external counsel, notified law enforcement, and believes the incident has been contained with core financial and operational systems preserved. The extent of any personal information in the exfiltrated files was still under investigation at the time of filing.

Tagging rationale

ThreatUnknown

Filing does not attribute the incident to any specific threat actor → UNKNOWN.

MethodsData Exfil

Filing explicitly states the unauthorized third party gained access to company data and exfiltrated certain files.

AssetsConfidential BizPersonal Data

Filing confirms certain files were exfiltrated from OraSure's information systems, with the company still investigating whether personal information was included.

EffectsInfo Privacy Loss

File exfiltration with potential personal information exposure constitutes information privacy loss; core financial and operational systems were preserved with no operational disruption.

Impact

Data exfiltration at a medical diagnostics company with potential personal information exposure; core systems preserved and no operational disruption, but scope of exfiltration not yet determined.

InsuranceNot disclosed

Filing makes no mention of insurance.

Read the original SEC filing excerpt
Item 1.05 Material Cybersecurity Incidents. On or about March 27, 2024, OraSure Technologies, Inc. became aware of a cybersecurity incident in which an unauthorized third party gained access to Company data from certain information systems. Following detection of the incident, the Company initiated response protocols, commenced an investigation with the assistance of cybersecurity experts and external counsel, and notified law enforcement. The Company believes it has contained the incident and believes it has preserved the integrity of its core financial and operational systems. Although the Company ascertained that certain files were exfiltrated, it is still investigating the extent of any sensitive information contained within the accessed systems, including any personal information. It is evaluating what, if any, regulatory and legal notifications are required as a result of this incident and will make such notifications as required based on its findings. As of the date hereof, the incident has not had a material impact on the Company's operations, financial systems, or its financial condition.
View SEC filingBack to database

More in Health Care

Unknown · March 16, 2026

CareCloud, Inc.

On March 16, 2026, CareCloud experienced a network disruption in its CareCloud Health division caused by an unauthorized third party that te

Unknown · March 11, 2026

Stryker Corporation

On March 11, 2026, Stryker Corporation identified a cybersecurity incident affecting its Entra ID/Active Directory environment, servers, and

Unknown · November 3, 2025

The Oncology Institute, Inc.

The Oncology Institute disclosed that a cybersecurity incident at a third-party IT software provider was causing potential delays in the com

Unknown · August 8, 2025

Inotiv, Inc.

On August 8, 2025, Inotiv, Inc. identified a cybersecurity incident in which a threat actor gained unauthorized access to and encrypted cert