Stryker Says Cyberattack Contained After Disrupting Operations & Systems

The cyberattack, which occurred on March 11, impacted order processing, manufacturing and shipments across the company’s operations.

Medical device maker Stryker has shared an update on the recent cyberattack that caused widespread disruption to its business operations. Stryker informed that it is now prioritizing the restoration of systems that directly support customers, ordering and shipping.

The cyberattack, which occurred on March 11, impacted order processing, manufacturing and shipments across the company’s operations.

Stryker said that cellphones, laptops and other remote devices running Microsoft Windows operating systems and connected to its network were affected during the incident.

The company stated that no patient-related services or connected medical products were impacted. It did not disclose details regarding the financial impact of the disruption.

In a compliance filing with the U.S. Securities and Exchange Commission, Stryker said it has "no indication of ransomware or malware" associated with the incident and believes the situation has been contained, though access to certain information systems and business applications remains limited.

According to reports, the cyberattack affected servers, mobile devices and systems connected to Stryker’s Microsoft-based administrative environment, with more than 200,000 systems and devices impacted.

Local reports indicated that some hospitals in Michigan using Stryker equipment temporarily took certain devices offline as a precaution. The Michigan Department of Health and Human Services said some healthcare facilities are implementing safety measures, including switching to backup communication systems.

Employees at Stryker’s facility in Portage were reportedly instructed to avoid connecting to the company network, refrain from using work computers and stay off Wi Fi until systems are restored. Staff were also advised to remove device management profiles from work phones.

An Iran-linked hacking group called Handala claimed responsibility for the attack, describing it as retaliation linked to geopolitical tensions. The group stated it attacked on the same day as the disruption.

Stryker said it is coordinating with appropriate authorities and external cybersecurity experts as part of its investigation.

The Cybersecurity and Infrastructure Security Agency has opened an investigation into the incident and is working with public and private sector partners to gather information and provide technical assistance.

Cybersecurity experts noted that the incident highlights supply chain risks for healthcare providers relying on external vendors for connected technologies.

Dave Bailey, vice president of consulting at Clearwater Security, said healthcare organizations should treat the event as a supply chain cyber risk and monitor connectivity between internal networks and vendor-managed systems. He also advised verifying the operational status of medical devices and ensuring downtime procedures are in place.

The incident comes amid ongoing warnings from cybersecurity agencies regarding threats to critical infrastructure, including healthcare systems, from state-linked and politically motivated cyber actors.

Stay tuned for more such updates on Digital Health News