CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 17, 2026

Stryker’s manufacturing, shipping disrupted after cyberattack - Cybersecurity Dive

Cybersecurity Dive Archived May 17, 2026 ✓ Full text saved

Stryker’s manufacturing, shipping disrupted after cyberattack Cybersecurity Dive

Full text archived locally
✦ AI Summary · Claude Sonnet


    Stryker’s manufacturing, shipping disrupted after cyberattack The medtech company says it’s still experiencing issues with order processing, manufacturing and shipping. Published March 13, 2026 Ricky Zipp Senior Editor David Jones Reporter Share License Add us on Google Stryker office in Salt Lake City, Utah, on May 9, 2023. Alamy First published on Stryker said the cyberattack that hit the company this week has disrupted its manufacturing and shipping operations. The medtech company released the information Thursday night in a statement posted to its website. Stryker did not detail the attack’s impact on its systems, but wrote in the statement that the incident has caused disruptions to order processing, manufacturing and shipping. “However, we are working diligently to restore our systems and above all, we are committed to ensuring our customers can continue to deliver seamless patient care,” the company said. Stryker maintained that the incident is contained to its internal Microsoft environment, and there is no malware or ransomware detected. In a Thursday filing with the Securities and Exchange Commission, Stryker said that it does not believe its patient-related services have been disrupted or that its connected products were impacted by the incident. Dave Nathans, Stryker’s chief information security officer, provided an update on Thursday to certain customers and other members of the cybersecurity community regarding the attack, according to the filing. Stryker is collaborating with law enforcement and government agencies to share intelligence about the incident. CEO Kevin Lobo, in a letter to employees posted on LinkedIn Thursday, said Stryker has fully contained the attack, and the company is in the restoration phase. In a Thursday note to investors, J.P. Morgan analysts said they spoke with Stryker about the attack. “Procedures around the world still took place yesterday, and while management isn’t yet ready to comment on whether or not there will be an impact, our impression is that it will ultimately be minor,” the analysts wrote. “There could be the potential for spotty disruptions as systems are restored, and if a material impact does occur, Stryker has an obligation to disclose it when it is estimable and known. So, while this clearly wasn’t a good event, it is far, far from being a highly impactful negative event, in our view.” Stryker, based in Portage, Michigan, is a medtech company that specializes in surgical equipment and orthopedics, including manufacturing joint implants and surgical robots. The company has 56,000 employees and operates in 61 countries. Keep up with the story. Subscribe to the Cybersecurity Dive free daily newsletter Email: Sign up On Wednesday, Stryker identified a cyberattack that led to a global network disruption of its Microsoft environment. The company activated its cybersecurity response plan and launched an investigation with external advisors and cybersecurity experts. Stryker said that it is not aware of the full scope of the attack’s impact, including financial and operational effects, in a Wednesday filing with the SEC. The company added that it does not have a timeline for full restoration of its systems, and it has not determined whether the attack will have a material impact. The attack has been claimed by an Iran-linked threat actor tracked as Handala, according to Check Point Research. The group claimed that it has wiped thousands of servers and mobile devices and also claims to have exfiltrated 50 terabytes of critical data. It is not known whether any customer data was affected. Handala has positioned itself as a pro-Iran hacktivist, but researchers at Palo Alto Networks have linked the group to the Iranian Ministry of Intelligence and Security. Handala is one of several state-backed or hacktivist groups that have targeted companies, government agencies or other organizations in Israel, the U.S. or the Persian Gulf region. The attacks have varied in complexity from phishing to distributed denial of service and malware attacks. Researchers suspect, based on statements by the company, claims by the threat actor and open source reporting that the Stryker attack involved abusing Microsoft Intune to create a wiper attack that would bypass traditional endpoint security protections. Researchers at Halcyon said the attack impacted all phones and workstations with an InTune base 64 string. “InTune is a device management component of Microsoft used to push software or manage devices that are usually base64-encoded,” Johnny Collins, director, intelligence operations at Halcyon said via email.  “In this case, the encoded payload contained remote wipe commands, effectively wiping the affected devices.” A spokesperson for Microsoft declined to comment on Thursday, but said the company would provide an update if additional information was developed. The Cybersecurity and Infrastructure Security Agency on Thursday said it was investigating the Stryker incident. RECOMMENDED READING Stryker investigating cyberattack that caused widespread outage MedTech Dive Add us on Google Share PURCHASE LICENSING RIGHTS Filed Under: Cyberattacks, Threats
    💬 Team Notes
    Article Info
    Source
    Cybersecurity Dive
    Category
    ◇ Industry News & Leadership
    Published
    May 17, 2026
    Archived
    May 17, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗