Stryker is Restoring Systems After Cyberattack

Medical device maker Stryker said on March 17 that it has contained a cyberattack reported a week earlier, which caused widespread disruption to its business, and is now prioritizing the restoration of systems that directly support customers, ordering, and shipping.  

For healthcare organizations, the attack highlights several lessons about resilience in an increasingly interconnected digital environment. 

The hacking group Handala, which has been linked to politically motivated cyber activity, reportedly claimed the attack. It affected the company’s global Microsoft-based internal environment, remotely wiped tens of thousands of employee devices, and restricted access to certain internal systems used to manage operations and services. 

Stryker emphasized that the incident was not a ransomware attack and that the threat actor did not deploy any malware on its systems, nor were its connected medical devices and patient-related services impacted. 

Cyber Risk Across the Healthcare Ecosystem 

Healthcare delivery depends on a complex network of device manufacturers, software vendors, logistics providers, and cloud platforms. When one part of that network experiences a cyber incident, the effects can quickly spread beyond a single organization. 

In the Stryker case, disruptions to internal systems affected operational processes, including ordering and business systems. Even organizations with strong internal cybersecurity programs can experience operational challenges when a vendor’s systems are compromised. 

The American Hospital Association monitored the situation and communicated with hospitals and federal agencies to assess potential impacts on healthcare operations. 

Cybersecurity planning cannot stop at the organizational perimeter. Vendor risk management, supplier redundancy, and contingency planning are becoming essential components of operational resilience. 

Cyberattacks Are Shifting Toward Operational Disruption 

Healthcare cybersecurity discussions have historically focused on protecting patient privacy and electronic health records. While those risks remain critical, attackers are targeting operational systems more and more. 

Disrupting manufacturing, logistics, or supply chains can have immediate real-world consequences, even if patient information remains secure. The Stryker incident illustrates how cyberattacks can affect the availability and distribution of medical products without directly impacting clinical systems. 

This shift reinforces the need to treat cybersecurity as a business continuity issue, not simply a compliance or IT function. 

The Role of Network Segmentation in Cyber Resilience 

One notable aspect of the incident is that several clinical technologies were not affected. According to Becker’s Hospital Review, certain surgical visualization platforms and operating-room technologies remained operational because they were separated from the affected internal network. 

That separation likely helped prevent the incident from spreading into connected clinical environments. Architectural safeguards such as network segmentation and separation between corporate IT systems, operational technology, and connected medical devices can significantly reduce the impact of a cyber incident. 

The Rise of Geopolitical Cyber Threats in Healthcare 

The reported involvement of the hacking group Handala underscores another emerging challenge: healthcare infrastructure is increasingly caught in geopolitical cyber conflicts. 

Healthcare organizations have primarily faced financially motivated ransomware groups. Today, politically motivated or state-linked actors are also targeting healthcare technology companies and critical infrastructure. This evolving threat landscape means risk assessments must expand beyond traditional criminal cyber activity. 

Key Questions Healthcare Organizations Should be Asking 

Events like the Stryker cyberattack provide an opportunity to reassess preparedness.  

• How dependent are we on a single vendor for critical technology or medical supplies? 
• If a key technology partner were to experience a cyberattack tomorrow, how would operations continue? 
• Are administrative, operational, and clinical networks sufficiently segmented? 
• When was the last time we tested our response to a major cyber disruption? 

Building a More Resilient Healthcare Cybersecurity Strategy 

Ensuring that supply chains, devices, and operational systems remain available during cyber incidents is critical. As healthcare becomes more digitally connected, resilience will increasingly depend on strong vendor governance, resilient infrastructure, and coordinated security across the healthcare ecosystem. 

Additionally, a proactive approach to Application Programming Interfaces (API) security is also essential to reduce risk. Read the full article for key risks and practical safeguards: Managing Cybersecurity Risks in Healthcare APIs.