Stryker Hospital Ordering Systems Offline After Iranian‑Linked Cyberattack, Devices Remain Safe
What Happened – An Iranian‑aligned hacking group, Handala, breached Stryker’s internal Microsoft environment, wiping thousands of corporate devices and taking the company’s electronic ordering platforms offline. The outage has forced factory shutdowns and manual order processing across multiple countries.
Why It Matters for TPRM –
- Disruption of critical supply‑chain ordering can delay medical‑device deliveries to hospitals.
- The incident highlights the risk of third‑party vendors’ internal IT environments affecting downstream customers.
- No compromise of connected medical devices was reported, but the attack underscores the need to verify product safety after a breach.
Who Is Affected – Healthcare providers (hospitals, surgery centers), medical‑device distributors, and any organization that relies on Stryker’s digital ordering and logistics platforms.
Recommended Actions –
- Review Stryker’s incident response and business‑continuity plans.
- Validate that any integrated Stryker devices in your environment are confirmed safe and isolated from the compromised network.
- Establish alternate ordering procedures with the vendor and monitor for any delayed shipments.
Technical Notes – The breach appears to have originated from stolen or compromised credentials that gave attackers access to Stryker’s Microsoft 365 tenant, leading to mass data wiping. No public CVEs or ransomware payloads were disclosed. The attack did not affect the firmware or security of Stryker’s connected beds, stretchers, or sensor systems, which operate on independent protocols. Source: The Record