Stryker has restored most manufacturing sites and critical lines roughly two weeks after the company suffered a cyberattack.
The company is working with its global manufacturing sites as “operations steadily improve towards full capacity,” a spokesperson said in a statement emailed to MedTech Dive. Stryker is making “strong progress” on restoring underlying systems that support production and fulfillment.
Stryker’s electronic ordering system, which was shut down due to the attack, has been restored for customers. The Portage, Michigan-based company is “working as quickly and safely as possible to reconcile orders, manufacture products and deliver to our customers so they can continue to provide seamless patient care,” the spokesperson said.
The spokesperson declined to comment on whether Stryker has a timeline for full restoration of its operations, and whether the financial and material impact on the company is yet known.
On March 11, Stryker was hit by a cyberattack that disrupted its internal Microsoft environment, affecting order processing, shipping and manufacturing across the company. Stryker has been working to restore operations over the past several weeks.
The attack has been claimed by an Iran-linked threat actor tracked as Handala, according to Check Point Research. The group claims to have wiped thousands of servers and mobile devices and stolen data. The attack also led to the delay of procedures scheduled for the week of March 16 due to shipping delays, according to Stryker.
Stryker — which manufactures orthopedic products like implants and surgical robotics, as well as other medical equipment — said last week that the attack was contained and it was beginning to restore operations.
In a March 19 statement, the company said it is working with government agencies and industry partners like the White House National Cyber Director, FBI, Cybersecurity and Infrastructure Security Agency and the Department of Health and Human Services.
In an investigation with cybersecurity experts, including Palo Alto Networks’ Unit 42, Stryker identified that a threat actor used a malicious file to run commands, allowing it to hide its activity while in the company’s systems, according to a filing with the Securities and Exchange commission. However, the file was not capable of spreading either inside or outside of Stryker’s environment.
“As of the date of this report, the Company’s investigation has not identified malicious activity directed towards its customers, suppliers, vendors or partners,” Stryker stated in the March 23 filing.
The attack was the first of two that hit the medtech industry in one week. One March 12, Intuitive Surgical said that it had been hit by a phishing incident that compromised customer and employee data.
