A week after a disruptive cyberattack forced thousands of employees offline, medical technology giant Stryker is still working to restore systems, with electronic ordering platforms and internal operations continuing to experience delays. The March 11 incident triggered widespread outages across the company’s global network, halting access to internal tools and disrupting manufacturing, logistics, and customer support functions.
While Stryker has emphasized that its medical devices and hospital-facing technologies remain safe and unaffected, the company is still managing the operational fallout.
In the absence of fully restored systems, teams have shifted to manual processes to maintain supply flows and support customers, underscoring the scale of the disruption.
New details emerging from cybersecurity researchers and company updates suggest the attack may not have relied on traditional malware at all. Instead, attackers appear to have leveraged compromised administrative access to Stryker’s internal systems, using built-in management tools to remotely wipe devices at scale.
Why It Matters: What makes this attack stand out is how it was carried out. Rather than deploying traditional malware, the attackers appear to have used the company’s own tools against it. Even when patient systems remain unaffected, disruptions behind the scenes can still slow production, delay shipments, and impact hospitals that depend on those supplies. It shows how quickly trusted systems can become the weakest point when the wrong hands gain access.
- Attack May Have Used Legitimate IT Tools Instead of Malware: Stryker and multiple cybersecurity firms report no evidence of ransomware or traditional malware in the attack. Instead, attackers likely compromised high-level administrative accounts and accessed Microsoft Intune, a platform used to manage corporate devices. From there, they may have used its native remote wipe functionality to erase thousands of employee laptops and mobile devices simultaneously.
- Electronic Ordering and Supply Chain Systems Remain Disrupted: While core systems are gradually being restored, Stryker’s digital ordering platforms are still offline days after the incident. The company has shifted to manual ordering processes, with sales representatives coordinating directly with hospitals and distributors. This workaround highlights how dependent modern medical supply chains are on digital infrastructure, and how quickly disruptions can impact product availability.
- Medical Devices and Hospital Systems Confirmed Unaffected: Stryker has repeatedly emphasized that its connected medical devices, including hospital beds, communication systems, surgical platforms, and monitoring tools, were not impacted. These systems operate on separate architectures, including independent cloud environments or isolated networks, reducing the risk of the attack spreading into clinical settings. The company also confirmed no risk to patient safety or hospital operations.
- Compromised Credentials Likely Entry Point: Investigators believe the attackers may have gained access through stolen credentials, potentially sourced from phishing campaigns or infostealer malware. Security researchers identified large numbers of Stryker login credentials circulating on the dark web, suggesting attackers may have used valid accounts to bypass traditional defenses and escalate privileges.
- Geopolitical Motive Still Unconfirmed but Suspected: The Iran-aligned Handala group has claimed responsibility, framing the attack as retaliation tied to geopolitical tensions involving the United States. However, Stryker has not officially attributed the breach.
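For defenders, the scenario in the first bullet (one administrative account issuing remote wipes at scale) shows up as a burst of wipe actions from a single actor. The sketch below is an added example, not code from Stryker, Microsoft, or this article; the record fields (`time`, `actor`, `action`, `device`), the account names, the threshold, and the window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Action names treated as destructive. Assumed naming for this simplified
# schema; extend the set to match the actions your audit export records.
DESTRUCTIVE_ACTIONS = {"wipe"}

def sample_events():
    """Constructed audit records (assumed schema, not a real log format)."""
    base = datetime(2025, 1, 1, 9, 0, 0)  # constructed date
    helpdesk = "helpdesk@example.test"
    events = [
        # Routine help-desk activity: two wipes three hours apart, one sync.
        {"time": base, "actor": helpdesk, "action": "wipe", "device": "LT-0001"},
        {"time": base + timedelta(hours=3), "actor": helpdesk, "action": "wipe", "device": "LT-0002"},
        {"time": base + timedelta(hours=4), "actor": helpdesk, "action": "sync", "device": "LT-0003"},
    ]
    # One admin account wiping 40 distinct devices, five seconds apart.
    start = base + timedelta(hours=5)
    events += [
        {"time": start + timedelta(seconds=5 * i), "actor": "admin@example.test",
         "action": "wipe", "device": f"PH-{i:04d}"}
        for i in range(40)
    ]
    return events

def find_wipe_bursts(events, threshold=10, window=timedelta(minutes=10)):
    """Return {actor: time at which the actor first reached `threshold`
    distinct devices hit by destructive actions within `window`}."""
    recent = defaultdict(deque)  # actor -> deque of (time, device) in window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["action"] not in DESTRUCTIVE_ACTIONS:
            continue
        q = recent[ev["actor"]]
        q.append((ev["time"], ev["device"]))
        # Drop entries that have aged out of the sliding window.
        while q and ev["time"] - q[0][0] > window:
            q.popleft()
        distinct_devices = {device for _, device in q}
        if ev["actor"] not in alerts and len(distinct_devices) >= threshold:
            alerts[ev["actor"]] = ev["time"]
    return alerts

if __name__ == "__main__":
    for actor, when in find_wipe_bursts(sample_events()).items():
        print(f"ALERT: {actor} reached the wipe threshold at {when.isoformat()}")
```

In practice the same logic would run over the management platform's exported audit log, with the threshold tuned to normal help-desk volume.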
Go Deeper -> Customer Updates: Stryker Network Disruption – Stryker


