Final week’s cyberattack on medical expertise big Stryker was restricted to its inside Microsoft setting and remotely wiped tens of 1000’s of worker units.
The group says in an replace on Sunday that every one its medical units are protected to make use of however digital ordering programs stay offline, and clients should place orders manually by gross sales representatives.
Stryker emphasizes that the incident was not a ransomware assault and that the menace actor didn’t deploy any malware on its programs.
Final week, Stryker was the goal of a cyberattack claimed by the Handala hacktivist group, believed to be linked to Iran.
The attacker alleged that they wiped “over 200,000 programs, servers, and cellular units” and stole 50 terabytes of knowledge. Nevertheless, investigators didn’t discover any indication that information was exfiltrated.
Following the disruption, Stryker workers in a number of international locations began to complain that their managed units had been remotely wiped in a single day.
Some workers had their private units enrolled within the firm community and misplaced private information through the wiping course of.
Hackers had International Admin privileges
A supply conversant in the assault advised BleepingComputer that the menace actor used the wipe command in Intune, Microsoft’s cloud-based endpoint administration service, to erase information from almost 80,000 units between 5:00 and eight:00 a.m. UTC on March 11.
The attacker carried out the motion after compromising an administrator account and creating a brand new International Administrator account.
The investigation is being performed by the Microsoft Detection and Response Crew (DART) in collaboration with cybersecurity specialists from Palo Alto Unit 42.
Stryker’s replace highlights that the assault didn’t affect any of its merchandise, linked or in any other case, and was restricted completely to the interior Microsoft company setting.
“All Stryker merchandise throughout our international portfolio, together with linked, digital, and life-saving applied sciences, stay protected to make use of,” the firm says.
Restoration efforts are presently underway, the primary focus being on resuming transport and transactional companies. Prospects are inspired to take care of regular communication with firm personnel whereas the infrastructure is steadily recovered.
Any order positioned earlier than the cyberattack might be honored as programs are restored, whereas these positioned through the disruption might be processed when programs are again on-line, and the provision circulate resumes to regular.
The corporate is working with its international manufacturing websites to take care of potential operational affect.
Stryker’s present precedence is to revive the supply-chain system and resume buyer orders and transport. “Our core transactional programs are already on a transparent path to full restoration,” the corporate says.
Malware is getting smarter. The Purple Report 2026 reveals how new threats use math to detect sandboxes and conceal in plain sight.
Obtain our evaluation of 1.1 million malicious samples to uncover the highest 10 strategies and see in case your safety stack is blinded.
