The Stryker cyberattack and what hospitals should be doing

A medical technology company is the apparent victim of a cyberattack, and cybersecurity experts are aiming to assess the possibility of attacks on hospitals and other healthcare providers.

An Iranian hacking group, Handala, has claimed it is behind the attack on Stryker, Wired and other media groups have reported. The attack has generated wide attention given the U.S. war with Iran.

Stryker, a Michigan-based company that produces medical and surgical equipment, said on its website that it is “responding to a global network disruption to our Microsoft environment as a result of a cyber attack. We have no indication of ransomware or malware and believe the incident is contained.”

“Our teams are working to understand the full impact to our internal environment,” the company said. So far, the company has said, “We believe the situation is contained to our internal Microsoft environment only.”

Hospitals and health systems are frequent targets of cyberattacks. John Riggi, national adviser for cybersecurity and risk for the American Hospital Association, is closely tracking the Stryker incident.

In a statement sent via email, Riggi said, “We are aware of the reports of the cyber attack against Stryker and are actively exchanging information with the hospital field and the federal government to understand the nature of the threat and assess any impact to hospital operations.

“At this time, we are not aware of any direct impacts or disruptions to US hospitals as a result of this attack. That may change as hospitals evaluate services, technology and supply chain related to Stryker and as the duration of the attack extends,” Riggi said.

Riggi has said in previous interviews with Chief Healthcare Executive® that Iran is one of the leading sources of cyberattacks, including those aimed at the healthcare industry.

Federal authorities have warned of Iranian-based cyberattacks aimed at the healthcare industry, and they recently reminded critical sectors of that guidance.

In 2023 and 2024, Iranian Islamic Revolutionary Guard Corps (IRGC)-affiliated cyber actors targeted a host of infrastructure targets, including the healthcare sector in the U.S., authorities said.

“In the context of the ongoing conflict with Iran, it is particularly important to ensure that we are implementing cybersecurity measures to defend against the known tactics used by Iranian state-sponsored hackers or pro-Iranian hackers acting independently,” Riggi said March 3.

Russell Teague, chief strategist and security officer of Fortified Health Security, a cybersecurity firm, told Chief Healthcare Executive® that hospitals and health systems shouldn’t be alarmed, but they should be alert to potential problems. He suggested paying close attention to unusual activity in identity platforms and collaboration environments such as Microsoft 365.

“Healthcare organizations don’t need to panic, but periods of geopolitical tension are always a reminder to remain vigilant,” Teague said. “Historically, healthcare continues to be targeted primarily by financially motivated cybercriminals, but state-aligned groups sometimes use disruptive cyber activity to send political signals. The best defense remains strong identity security, monitoring, and tested incident response readiness.”

Teague said reports of the Iranian group’s involvement should be treated with some degree of caution until they are verified. He also said healthcare leaders should not expect an imminent attack, but it is a good reminder to reinforce some fundamental basics and preparation to respond to attacks.

“From my perspective the most important takeaway for healthcare is that this incident reinforces how cyber events are evolving beyond ransom and data encryption, but rather into business disruption, identity compromise, system wiping, and operational paralysis,” Teague said.

Health systems should be employing strong multi-factor authentication, and monitor for any unusual activity.

Hospitals can always benefit from reviewing downtime procedures to be sure they are able to deliver care in the event of a cyberattack. Outages, tied to cyberattacks or other natural disasters, pose one of the biggest threats to patients, according to ECRI, a nonprofit group focused on patient safety.

Hal Wolf, president and CEO of HIMSS, told Chief Healthcare Executive in an interview earlier this month that cybersecurity is getting more attention from hospitals and the healthcare industry. But he says there is room for greater attention.

“People are absolutely focused on it,” Wolf said. “It doesn't get the sizzle that it probably deserves, because we're all focused on some other aspects, like AI and things of that nature. But let's just call it out. It's absolute table stakes.”

Stryker says its products touch the lives of 150 million patients annually. The company reported more than $22 billion in sales in 2024.

• Read more: Ransomware groups target vendors to get into hospitals