Stryker Cyberattack Contained as Company Works to Restore Disrupted Operations

What happened

Stryker said it has contained a cyberattack that disrupted its global operations and is now focusing on restoring systems tied to customer service, ordering, and logistics. The incident impacted internal systems, including devices connected to its Microsoft-based environment, affecting order processing, manufacturing, and shipments. The Iran-linked group Handala claimed responsibility for the attack, though the company has not confirmed attribution. Stryker stated that employee laptops, mobile devices, and remote systems were affected, while patient-facing systems and connected medical products were not impacted. The company is working with authorities and external cybersecurity experts as it continues investigating the incident and restoring operations. 

Who is affected

Stryker’s internal business operations, including manufacturing, ordering, and logistics systems, were affected, along with employee devices connected to corporate networks, while patient-related systems remained unaffected. 

Why CISOs should care

The update highlights how large-scale cyber incidents can shift quickly from initial disruption to prolonged recovery phases, with operational continuity and system restoration becoming the primary challenge after containment. 

3 practical actions

  1. Prioritize recovery of critical systems. Focus on restoring systems that directly support customer operations and logistics. 
  2. Validate system integrity post-incident. Ensure affected endpoints and infrastructure are secure before bringing them back online. 
  3. Coordinate with external responders. Work with authorities and cybersecurity experts during investigation and recovery efforts. 
