Skip to main content
Explore our brands An Informa TechTarget Publication
close search
site logo

Stryker confirms cyberattack is contained and restoration underway

An assurance letter from Palo Alto Networks provides insight into the forensic investigation at the medical technology firm.

Published March 23, 2026
David Jones's headshot
Reporter
A modern industrial building with beige and white walls and large blue-tinted glass windows. The name “Stryker” is mounted in black letters on the upper portion of the building. A white smokestack protrudes from the roof, and the sky is light and partly cloudy.
The Stryker office in Salt Lake City, Utah, on May 9, 2023. The medical technology firm confirmed that a March 2026 cyberattack has been contained and shows no impact to customers, partners, suppliers and vendors. Alamy

Stryker is continuing an investigation into the attack on its Microsoft environment earlier this month, an incident the company said in a regulatory filing is now contained. 

The medical technology provider said there is no indication that customers, suppliers, vendors or other partners were affected, according to the 8-K filing with the Securities and Exchange Commission. 

As previously reported, an Iran-linked threat group, tracked as Handala, claimed credit for the attack. The hackers weaponized the company’s Microsoft Intune device-management platform to wipe data from thousands of devices. 

The attack temporarily disrupted ordering, manufacturing and shipping. The company began to restore normal operations late last week.

Stryker, which provides surgical equipment and orthopedic devices to hospitals and other customers across the globe, said it has not yet determined whether the attack will have a material impact on operations. 

Included in the regulatory filing was an assurance letter from Palo Alto Networks’ Unit 42, which is assisting Stryker with its investigation of the attack. 

Palo Alto Networks conducted an analysis of Stryker’s Microsoft environment, including Active Directory and Entra ID. That report indicates hackers used a malicious file that allowed them to run commands while hiding their activities, according to the letter. 

The Cybersecurity and Infrastructure Security Agency last week urged security teams across the country to harden their endpoint security, due to concerns that other Microsoft Intune environments could also be targeted.

Stryker said it is working to fully restore manufacturing.

Editors' picks

Company Announcements

View all | Post a press release
Why Edge RF Awareness Is Essential for the M2M Era
From Digital Global Systems
March 16, 2026
Digital Global Systems logo
BrandShield Expands Brand and Digital Risk Protection to AI Platforms, Where Millions of Consu…
From BrandShield
April 01, 2026
BrandShield logo
CyberFOX AutoElevate Named a High Performer in G2’s Spring 2026 Report for Privileged Access M…
From CyberFOX
April 01, 2026
CyberFOX logo
AI Is Fueling Secrets Sprawl. GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secr…
From GitGuardian
March 17, 2026
GitGuardian logo
Editors' picks
Latest in Strategy
This website is owned and operated by Informa TechTarget, a global network that informs, influences and connects the world's technology buyers and sellers.

© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. An Informa PLC company.
Privacy policy | Terms of use | Take down policy | Cookie Preferences / Do Not Sell