Medical device giant Stryker announced Monday that its hospital tools remain safe following a significant cyberattack that disabled internal digital ordering systems. The disruption began this Wednesday and has forced factory closures while thousands of company devices lost all information across global locations. Officials stated that connected medical equipment operates independently and poses no risk to patients despite the internal infrastructure compromise. Electronic ordering systems belonging to the company remain down one week after the incident reportedly wiped thousands of devices.
Electronic ordering platforms remain offline as the company works to restore functionality to its supply chain infrastructure. Sales representatives will coordinate directly with customers to replenish goods through manual methods until systems recover. Orders placed before the disruption will reconcile once operations normalize, while new orders will process upon full restoration of the network. Orders placed prior to the disruption will be reconciled as systems are restored according to company statements.
Stryker officials emphasized repeatedly that connected products deployed at hospitals are not affected by the incident. Several statements released this week addressed customer concerns regarding the safety of software and hardware at medical facilities. The company confirmed that connected beds and stretchers utilize independent security protocols separate from the corporate network environment. This includes the Vocera Voice hands-free communication system and the Care.ai sensor system used in hospital rooms.
Technical analysis suggests the attack utilized a living-off-the-land technique to disable devices without traditional malware. Experts identified hundreds of leaked credentials on the dark web as the likely entry point for the threat actors. Investigators believe the perpetrators gained access to the Microsoft Intune management console to weaponize the native remote wipe feature. This living-off-the-land technique allowed the group to cause widespread destruction and data loss potentially without needing wiper malware.
An Iranian-aligned group called Handala claimed responsibility for the incident in a public statement released this week. The group stated it targeted the company due to its work with the United States Defense Department. Stryker has not officially confirmed whether the incident is attributed to Iranian cyber actors by government authorities. The attack on Stryker was claimed by an Iranian-aligned group called Handala in a statement regarding the Defense Department work.
Incident responders at Cisco Talos described the method as causing widespread destruction and data loss simultaneously. Jonathan Greig from Recorded Future News reported that employees confirmed devices with Microsoft Intune installed were wiped clean. The company noted that no ransomware or malware was involved in the specific operation against its internal environment. Incident responders at Cisco Talos said last week that the attack was almost certainly executed by compromising high-level administrative accounts.
The outage caused work disruptions at locations in multiple countries and halted production for several days since Wednesday. This event highlights the vulnerability of centralized device management systems within large enterprise networks. Healthcare providers must rely on manual procedures for ordering critical surgical supplies during the recovery period. The Fortune 500 company produces a wide range of digital tools for hospitals and emergency medical equipment.
The company did not provide a specific timeline for when systems would return to normal operations. Current efforts focus on prioritizing platforms that handle ordering, shipping, and customer support queues. Stakeholders will watch for updates on the restoration progress as the medical supply chain remains strained. Stryker officials said that while it works to bring its electronic ordering systems back online, sales representatives would coordinate directly with customers to replenish goods through manual methods.
