Stryker continues to dig itself out of the hole left by the global cyberattack it suffered nearly two weeks ago, saying its medical device manufacturing capacity is “ramping quickly as critical lines and plants are brought back online, prioritizing patient needs.”
The company also said in its update this morning that it is still working to restore its internal electronic ordering and shipping processes—which were taken down March 11 following an attack from the pro-Iran group Handala Hack in retaliation for the U.S. and Israeli strikes on the country. The intrusion wiped data from many employees’ laptops, smartphones and other devices through their Microsoft Intune corporate software platforms.
Last week, Stryker disclosed that some surgeries scheduled for the week of March 16 had to be postponed due to delivery delays, following reporting from Bloomberg. Previously, the company said its sales representatives would be working directly with customers to manually fill replenishment orders. A timeline for being fully operational has not been provided.
Stryker has repeatedly said that the hack did not reach its deployed medical hardware—such as its Mako surgical robots, Vocera clinician communication platforms and Lifepak vital sign monitor-defibrillators, among other products across its portfolio—which run different software and remain safe to use.
In addition, the company has maintained that it found no evidence of ransomware or malware. However, further investigation—in collaboration with Palo Alto Networks’ Unit 42 cybersecurity consultancy—found Handala Hack used a malicious file to run commands and hide its activity within Stryker’s systems.
“To be clear, this file was not capable of spreading—either inside or outside of our environment. Most importantly, at no point has our investigation identified malicious activity directed towards our customers, suppliers, vendors or partners,” Stryker wrote in its March 23 update, underlining that it believes the incident has been fully contained.
According to Stryker, Unit 42 has been working with the company to review forensic evidence, secure existing employee login accounts and rebuild systems from protected backups. Stryker has also been working with Microsoft as well as U.S. government authorities including the FBI, the Cybersecurity and Infrastructure Security Agency and the Defense Health Agency, among others.
Unit 42 has said that Handala Hack is currently considered by the threat intelligence community to be a front for Iran’s Ministry of Intelligence and Security. Prior to its escalated attack on Stryker, the group had claimed responsibility for compromising or targeting systems within an Israeli energy exploration company as well as civilian healthcare providers in addition to fuel stations in Jordan.
At Stryker, Handala Hack claimed on social media to have wiped some 200,000 systems while stealing 50 terabytes of data.
