Stryker Cyberattack Wipes 200,000 Devices, Triggers Precautions Across Michigan Hospitals


A cyberattack targeting medical device technology company Stryker has reportedly wiped data from more than 200,000 systems and devices linked to its Microsoft Intune management environment, raising concerns among healthcare providers and prompting precautionary measures at hospitals in Michigan.

According to reports, the incident occurred last Wednesday and affected servers, mobile devices, and other systems connected to Stryker’s Microsoft-based administrative console.

The attack has been attributed to the pro-Iranian hacktivist group Handala, which claimed responsibility and described the action as a response to geopolitical tensions linked to the Iran conflict.

Stryker, headquartered in Kalamazoo, said in a compliance filing with the U.S. Securities and Exchange Commission that it has “no indication of ransomware or malware” associated with the incident and believes it has been contained. However, the company noted that the disruption has limited access to some of its information systems and business applications supporting operations and corporate functions.

Local reports indicated that hospitals using Stryker equipment in Michigan may have temporarily taken certain devices offline as a precaution. The Michigan Department of Health and Human Services said some healthcare facilities are implementing safety measures, including switching to backup communication systems while the situation is assessed.

Following the attack, employees at Stryker’s facility in Portage were reportedly instructed to avoid connecting to the company network, refrain from using work computers and stay off Wi-Fi until systems are restored. Staff were also advised to remove device management profiles from work phones.

The Cybersecurity and Infrastructure Security Agency (CISA) confirmed it has opened an investigation into the incident. Acting director Nick Andersen said the agency is working with public- and private-sector partners to gather information and provide technical assistance related to the attack.

Cybersecurity experts say the incident highlights potential supply-chain risks for healthcare providers that rely on external vendors for connected technologies. Dave Bailey, vice president of consulting at Clearwater Security, said healthcare organizations should treat the event as a supply-chain cyber risk.

He recommended hospitals closely monitor connectivity between internal networks and vendor-managed systems, verify the operational status of medical devices and ensure downtime procedures are available if vendor support services are disrupted. Bailey also advised organizations to review endpoint security controls and remain alert to phishing or credential theft attempts that could exploit the disruption.

The incident comes amid ongoing warnings from cybersecurity agencies about threats to critical infrastructure, including healthcare systems, from state-linked and politically motivated cyber actors.

