

Who's The Stryker Striker? Cyberattack Disrupts Operations And Delays Surgeries

By Amrit Mehra

Updated on Thu, Mar 19, 2026

A cyberattack on medical technology giant Stryker has escalated beyond IT disruption, delaying some patient surgeries and triggering a broader cybersecurity response from U.S. agencies, as investigators uncover how attackers remotely wiped tens of thousands of corporate devices.

The March 11 cyberattack hit Stryker’s internal systems, impacting its ability to process orders, manufacture products, and ship them globally.

As a result, some patient-specific procedures had to be rescheduled due to delays in delivering customized medical inventory.

The company confirmed that the disruption was limited to its Microsoft environment and emphasized that “no patient-related services or connected medical products were affected.”

However, internal operations slowed significantly, with employees reporting communication breakdowns after work-issued devices stopped functioning.

The attack is being linked to Handala, a hacking group believed to have ties to Iran’s intelligence operations. The group claimed the incident was retaliatory, marking what appears to be one of the most significant cyberattacks by Iran-linked actors on a U.S. company in recent years.

Historically, such groups have carried out destructive attacks designed to erase data, and this incident signals a shift from low-impact disruptions to more operationally damaging actions.
 

TL;DR

 
  • Cyberattack disrupted Stryker’s Microsoft environment, delaying some surgeries
  • Iranian-linked group Handala claimed responsibility for the attack
  • Hackers remotely wiped up to tens of thousands of employee devices
  • No ransomware or malware detected; products and patient systems remain safe
  • U.S. authorities urge companies to secure Microsoft Intune systems
 

Stryker Attack Wiped Tens Of Thousands Of Devices, No Malware Needed


The scale of disruption became clearer as investigations revealed that attackers leveraged Microsoft Intune, a cloud-based endpoint management tool, to execute remote wipe commands.

Instead of deploying ransomware or malware, the attackers compromised an administrator account, created a new Global Administrator profile, and used built-in system controls to erase data from devices. Reports suggest that between 5:00 and 8:00 a.m. UTC on March 11, nearly 80,000 devices were wiped, with some claims suggesting even higher figures.

Employees across multiple regions reported that both corporate and, in some cases, personally enrolled devices were reset to factory settings overnight, leading to data loss and operational paralysis.

Stryker reiterated that “there is no evidence of malware deployed to our systems” and confirmed that the incident was contained within its internal corporate environment.

Despite the severity, all medical technologies across its portfolio, including connected and life-saving devices, remained unaffected and safe to use.

 

Timeline Of Stryker’s Response And Recovery Efforts

 
  • March 11: Stryker reports a global network disruption to its Microsoft environment due to a cyberattack, states no ransomware or malware detected, and confirms containment efforts are underway

  • March 12, 12:32 a.m. ET: Company reiterates containment, confirms products like Mako, Vocera, and LIFEPAK remain safe, and begins restoring order systems

  • March 12, 10:43 a.m. ET: Confirms Mako systems are not connected devices and remain safe, with no malware risk from internal disruption

  • March 12, 2:24 p.m. ET: LIFEPAK devices and LIFENET system confirmed unaffected, with secure data transmission continuing

  • March 12, 9:13 p.m. ET: Stryker activates incident response with external cybersecurity experts, confirms disruption impacts order processing, manufacturing, and shipping

  • March 13, 3:11 p.m. ET: SurgiCount and Triton applications confirmed safe and operational, capable of functioning offline without impact

  • March 13, 3:13 p.m. ET: Company addresses order backlog concerns, confirms mitigation plans including additional shifts and manual coordination

  • March 13, 3:23 p.m. ET: Sustainability Solutions services continue with minor interruptions, maintaining scheduled collections

  • March 13, 3:30 p.m. ET: Surgical visualization and connected OR platforms confirmed unaffected and safe for use in surgeries

  • March 13, 5:15 p.m. ET: Vocera and care.ai platforms confirmed operational, with cloud infrastructure isolated from affected systems

  • March 13, 6:50 p.m. ET: Stryker reiterates no ransomware or malware involvement, confirms containment and ongoing investigation

  • March 15, 11:30 a.m. ET: Company confirms all products remain safe, outlines manual ordering processes, and states core systems are on track for full recovery


Stryker noted that its “core transactional systems are already on a clear path to full recovery,” with efforts focused on restoring supply chain operations and resuming normal order processing.

While the company has not disclosed the financial impact, the disruption underscores the growing risks facing healthcare technology providers, where operational downtime can directly affect patient care timelines.

As recovery continues, the incident serves as a reminder that compromised administrative access can bring global enterprises to a halt even without malware.
   

U.S. Authorities Warn Of Broader Threat To Microsoft Endpoint Systems


Following the attack, the Cybersecurity and Infrastructure Security Agency asked organizations to strengthen endpoint management security, particularly around Microsoft Intune.

The agency said it is aware of malicious cyber activity targeting endpoint management systems and is working alongside federal partners, including the Federal Bureau of Investigation, to assess risks and mitigation strategies.

Companies have been advised to harden configurations, implement Microsoft’s recommended security practices, and closely monitor privileged account access.

The incident highlights how enterprise tools designed for device management can be weaponized if compromised, allowing attackers to cause widespread disruption without traditional malware.
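As an added illustration of the privileged-account monitoring advised above, and of the sequence described earlier (a newly created Global Administrator followed by a burst of remote wipes), the following Python example runs detection logic over constructed audit events. It is not code from Stryker, Microsoft, or CISA; the event schema, field names, account names, and thresholds are assumptions, and real audit logs would have to be mapped onto this shape.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WIPE_THRESHOLD = 5                    # wipes by one actor inside WINDOW that raise an alert
WINDOW = timedelta(minutes=10)        # sliding window for counting wipes
NEW_ADMIN_AGE = timedelta(hours=24)   # how long a role grant still counts as "new"

def detect(events):
    """Return (time, account, kind) alerts from normalized audit events."""
    granted = {}                      # account -> time it received Global Administrator
    recent = defaultdict(deque)       # actor -> wipe timestamps still inside WINDOW
    alerted = set()                   # actors already flagged for mass wiping
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        if ev["action"] == "role_assigned" and ev["role"] == "Global Administrator":
            # Every new Global Administrator grant is worth a human look.
            granted[ev["target"]] = t
            alerts.append((ev["time"], ev["target"], "new_global_admin"))
        elif ev["action"] == "device_wipe":
            q = recent[ev["actor"]]
            q.append(t)
            while q and t - q[0] > WINDOW:
                q.popleft()           # drop wipes that fell out of the window
            if len(q) >= WIPE_THRESHOLD and ev["actor"] not in alerted:
                alerted.add(ev["actor"])
                fresh = ev["actor"] in granted and t - granted[ev["actor"]] <= NEW_ADMIN_AGE
                kind = "mass_wipe_by_new_admin" if fresh else "mass_wipe"
                alerts.append((ev["time"], ev["actor"], kind))
    return alerts

def sample_events():
    """Constructed sample data in a hypothetical schema (not a real log format)."""
    ev = [{"time": "2026-01-01T04:40:00", "actor": "admin-a", "action": "role_assigned",
           "role": "Global Administrator", "target": "svc-new"}]
    # The freshly privileged account wipes six devices one minute apart.
    ev += [{"time": f"2026-01-01T05:0{i}:00", "actor": "svc-new",
            "action": "device_wipe", "target": f"device-{i}"} for i in range(6)]
    # Routine helpdesk activity: two wipes an hour apart, below the threshold.
    ev += [{"time": f"2026-01-01T0{h}:30:00", "actor": "helpdesk",
            "action": "device_wipe", "target": f"laptop-{h}"} for h in (6, 7)]
    return ev

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

The threshold and window are starting points; an organization would tune them against its own baseline of legitimate wipe activity.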

First published on Thu, Mar 19, 2026
