Federal Agency Warns Businesses After Major Medical Device Company Hit by Cyberattack

Federal cybersecurity officials are urging companies to strengthen their Microsoft security systems following a cyberattack on medical device manufacturer Stryker Corp. The March 11 attack, claimed by an Iran-linked hacking group, disrupted the company's operations and reportedly delayed some patient surgeries.

Federal cybersecurity officials issued a warning Wednesday urging businesses nationwide to bolster their Microsoft security systems following a devastating cyberattack on medical device manufacturer Stryker Corp.

The cyberattack struck Stryker’s computer networks on March 11, severely disrupting the company’s operations and hampering its ability to fulfill orders, manufacture products, and deliver goods to customers. Company officials described the incident as a global disruption affecting their entire Microsoft computing environment.

A hacking group with ties to Iran, known as Handala, took credit for the digital assault, stating the attack was carried out as revenge for a strike on a girls’ school in Minab, located in southern Iran.

The Cybersecurity and Infrastructure Security Agency (CISA) announced it has identified malicious cyber activities targeting endpoint management systems at U.S. organizations, drawing from evidence gathered during the Stryker incident. The agency is now calling on companies to strengthen their endpoint management system settings and adopt Microsoft’s recommended security practices for Microsoft Intune, a platform used to control user permissions, devices, and applications throughout organizations.

CISA officials said they are working alongside federal partners, including the Federal Bureau of Investigation, to discover additional security threats and develop protective measures.

According to Bloomberg News reporting Wednesday, the cyberattack on Stryker has resulted in postponed surgeries for some patients.

Stryker announced Tuesday that it had successfully contained the attack and confirmed that no patient-related services or connected medical devices were compromised. However, the company has not disclosed details regarding the financial losses from the incident.