Stryker is investigating a cyberattack that led to a global network disruption of its Microsoft environment.
In a statement posted on LinkedIn Wednesday, Stryker said it did not believe the attack involved ransomware or other malware and added that it believed the incident was contained.
“Our teams are working rapidly to understand the impact of the attack,” the company said. “Stryker has business continuity measures in place to continue to support our customers and partners. We are committed to transparency and will keep stakeholders informed as we know more.”
Stryker identified the cyberattack on Wednesday, activated its cybersecurity response plan and launched an investigation with external advisors and cybersecurity experts, according to a filing with the Securities and Exchange Commission.
The full scope of the impact, including operational and financial effects, is not yet known. Stryker does not have a timeline for full restoration of its systems. The company has not determined whether the attack will have a material impact.
A spokesperson for Microsoft said the company did not have any immediate comment, but added they would get back in touch if there was any additional information.
Stryker, in a Thursday update posted to its website, said the company is working to restore its electronic ordering system as quickly as possible.
“We have visibility to the orders entered before the event, and they will be shipped as soon as our system communications are restored,” Stryker said in the statement. “Any orders that have come in after the event are being examined.”
Products like its Mako surgical robots, Vocera and LifePak35 monitor/defibrillator are fully safe to use, according to Stryker. It is also safe to communicate with company employees and sales representatives by email and phone.
Stryker, based in Portage, Michigan, is a medtech company that specializes in orthopedics, including manufacturing joint implants and surgical robots, as well as medical equipment like hospital beds.
The company has 56,000 employees and operates in 61 countries. Its revenue in 2025 totaled $25.1 billion.
According to a report from The Wall Street Journal, the attack led to a global outage across Stryker’s systems as the hackers remotely wiped remote devices running Microsoft’s Windows operating system, including cellphones and laptops.
Stryker told employees to disconnect from all networks and to not turn on company-issued devices, according to an email viewed by the Journal.
An Iran-linked threat actor that researchers call Handala claimed credit for the attack, according to a spokesperson for Check Point Research.
Handala is a group that masquerades as pro-Iranian hacktivists but is believed to be part of the Iranian Ministry of Intelligence and Security, according to Palo Alto Networks Unit 42.
The Stryker attack would represent a significant escalation for Handala, marking the first time it has targeted a major U.S. business, according to Check Point Research.
“The fact that they’ve set their sights on a major medical device company is particularly alarming,” said Sergey Shykevich, threat intelligence group manager at Check Point Research. “Critical healthcare infrastructure represents a high-value, high-impact target: disruption doesn’t just mean data loss, it can mean patient safety.”
Several hacktivist groups have claimed attacks against companies based in the Middle East since the U.S. and Israel’s war against Iran began in late February. An Iranian state-linked actor tracked as Seedworm, or MuddyWater, has targeted the networks of U.S. companies since early February, with researchers at Symantec and Carbon Black finding backdoors on the networks of multiple firms.
Editor’s note: This story was updated to include new information from Stryker’s statement and securities filing, and information from Microsoft.

