Stryker has fallen victim to a global cyberattack, with many of its enterprise systems having their data remotely wiped and leaving employees unable to log in to their computers and smartphones.
According to a report from Bloomberg, the pro-Iran group Handala has publicly taken credit for the incident on social media, in response to the U.S. and Israeli strikes on the country, with claims of deleting and extracting information from more than 200,000 systems.
The hack began affecting Stryker’s Microsoft-powered servers and mobile devices shortly after midnight Eastern time. The Wall Street Journal reported that employees were told to disconnect all company-issued hardware from the internet or not power it on, and to delete work profiles from smartphones. At the same time, a Handala logo began appearing on internal login pages.
The local West Michigan TV station, FOX 17, said Stryker's global headquarters in Portage, located outside Kalamazoo, was closed March 11 as a precaution, citing a sign posted on the front door urging employees to stay off the company network as well as an empty parking lot.
In Ireland, home to Stryker’s largest manufacturing hub outside the U.S. and about 5,000 employees, the Cork-based Irish Examiner reported that some medical device production systems had been shut down.
In a public statement, Stryker said it has found no indications of ransomware or malware and that it believes the incident is contained.
“Stryker has business continuity measures in place to continue to support our customers and partners,” the company wrote March 11. “We are committed to transparency and will keep stakeholders informed as we know more.”
In an update posted overnight on March 12, Stryker said it believes the cyberattack has only affected its internal Microsoft software, and that its medical devices in the field—such as its Mako surgical robots, Lifepak defibrillator/monitors and Vocera communications platforms—remain fully safe to use. New shipments of products, however, may be delayed as it works to restore access to its business applications.
"We have visibility to the orders entered before the event, and they will be shipped as soon as our system communications are restored. Any orders that have come in after the event are being examined," the company said. "We are working to ensure our electronic ordering system is back up and running as quickly as possible. It is safe to communicate with Stryker employees and sales representatives by email and phone, and within your facility."
In a financial filing with the Securities and Exchange Commission, Stryker said that "the timeline for a full restoration is not yet known," and that it has not yet determined the hack's material impact on the company's business.
Electronic product ordering systems were still down as of the morning of March 15. Stryker said its sales representatives would work with customers to place replenishment orders manually where they can. The company said "supply is flowing normally," and that electronic orders placed during the disruption will be processed once the systems are brought back online.
"We are prioritizing restoration of systems that directly support customers, ordering and shipping. Our core transactional systems are already on a clear path to full recovery, and we will continue to provide updates as progress is made," the company said in its March 15 update.
Globally, Stryker counts about 56,000 employees operating in 61 countries.
Following the Feb. 28 strikes on Iran and its retaliation against countries and U.S. bases across the Middle East, multiple international drugmakers have been evaluating the safety of their workforces and their supply chains.
Editor's note: This story has been updated with new daily information from Stryker, and from a Securities and Exchange Commission filing.