Stryker Restores Most Manufacturing Operations Following Cyberattack Disruption

The company is currently working to reconcile pending orders and stabilize production and delivery processes.

Stryker has restored most of its manufacturing sites and critical production lines following a cyberattack that disrupted operations earlier this month. The company said it is continuing efforts to return to full capacity as system recovery progresses.

The Portage, Michigan-based medical technology firm confirmed that its electronic ordering system, which had been taken offline during the incident, has now been restored for customers. The company is currently working to reconcile pending orders and stabilize production and delivery processes.

The cyberattack, which occurred on March 11, affected Stryker’s internal Microsoft environment, leading to disruptions in order processing, shipping, and manufacturing. The company has since been working to gradually restore affected systems and operational capabilities.

According to a company spokesperson, operations are steadily improving, with ongoing efforts focused on restoring underlying systems that support manufacturing and fulfillment. However, Stryker has not disclosed a timeline for complete recovery or the financial impact of the incident.

The attack has been attributed to an Iran-linked threat group known as Handala, based on findings from Check Point Research. The group claimed responsibility for wiping servers and mobile devices and exfiltrating data. Stryker stated that its ongoing investigation has not identified any malicious activity targeting customers, suppliers, or partners.

The company is working with multiple government agencies, including the FBI, the Cybersecurity and Infrastructure Security Agency, the Department of Health and Human Services, and the White House National Cyber Director, to assess and respond to the incident.

Stryker also engaged cybersecurity experts, including Palo Alto Networks’ Unit 42, which identified that the attack involved a malicious file used to execute commands and evade detection within the company’s systems. The file was not capable of spreading within or beyond Stryker’s network.

The disruption led to delays in product shipments and impacted scheduled medical procedures during the week of March 16. Stryker, which manufactures orthopedic implants, surgical robotics, and other medical equipment, has since contained the attack and resumed operations across key areas.

Stay tuned for more such updates on Digital Health News