Stryker has reported a major cybersecurity incident that disrupted its global IT systems, affecting operations across its workforce of over 56,000 employees. The breach, detected on 11 March, impacted the company’s internal Microsoft environment, interrupting order processing, manufacturing workflows and shipment systems.
As a result, digital ordering platforms were taken offline, forcing customers to rely on manual processes through sales teams. The company clarified that the attack was limited to its corporate systems and did not affect its medical devices or patient-facing technologies, which remained fully operational.
Unlike typical cyberattacks involving ransomware or data theft, this incident appears to have focused on system destruction. Reports suggest that attackers exploited device- management tools to remotely wipe data across tens of thousands of devices within hours. The breach is believed to have originated from a compromised administrator account, which was then used to gain elevated access and execute large-scale wipe commands.
The nature of the attack caused widespread disruption. Employees across multiple regions reported losing access to company devices, with some also impacted on personal devices linked to corporate systems. The incident effectively crippled internal infrastructure without deploying traditional malware.
A group identifying itself as Handala has claimed responsibility, linking the attack to geopolitical motives. However, these claims, including assertions of large-scale data theft, remain unverified. The company has indicated that there is no confirmed evidence of data exfiltration so far.
Recovery efforts are underway, with a focus on restoring supply chain and transactional systems. Microsoft’s incident response team and Palo Alto Networks are assisting in the investigation.
The incident underscores a growing risk for global enterprises, where attacks on internal systems can disrupt operations at scale even when core products remain unaffected.
