Stryker confirms cyberattack is contained and restoration underway - Cybersecurity Dive
An assurance letter from Palo Alto Networks provides insight into the forensic investigation at the medical technology firm.
Published March 23, 2026
David Jones
Reporter
The Stryker office in Salt Lake City, Utah, on May 9, 2023. The medical technology firm confirmed that a March 2026 cyberattack has been contained and shows no impact to customers, partners, suppliers and vendors. Alamy
Stryker is continuing an investigation into the attack on its Microsoft environment earlier this month, an incident the company said in a regulatory filing is now contained.
The medical technology provider said there is no indication that customers, suppliers, vendors or other partners were affected, according to the 8-K filing with the Securities and Exchange Commission.
As previously reported, an Iran-linked threat group, tracked as Handala, claimed credit for the attack. The hackers weaponized the company’s Microsoft Intune device-management platform to wipe data from thousands of devices.
The attack temporarily disrupted ordering, manufacturing and shipping. The company began to restore normal operations late last week.
Stryker, which provides surgical equipment and orthopedic devices to hospitals and other customers across the globe, said it has not yet determined whether the attack will have a material impact on operations.
Included in the regulatory filing was an assurance letter from Palo Alto Networks’ Unit 42, which is assisting Stryker with its investigation of the attack.
Palo Alto Networks conducted an analysis of Stryker’s Microsoft environment, including Active Directory and Entra ID. That report indicates hackers used a malicious file that allowed them to run commands while hiding their activities, according to the letter.
The Cybersecurity and Infrastructure Security Agency last week urged security teams across the country to harden their endpoint security, due to concerns that other Microsoft Intune environments could also be targeted.
Stryker said it is working to fully restore manufacturing.
Filed Under: Strategy, Breaches, Threats