Global Medical Giant Stryker Regains Control Following March Hack

PORTAGE, Mich. — Portage-based Stryker has announced that a severe cyberattack from March has been contained, but the incident has left the global medical device manufacturer scrambling to restore operations after employees were shut out of their systems for more than a week.

The company stated Monday that teams have been working around the clock alongside federal agencies and outside cybersecurity experts to restore systems tied to ordering, shipping and manufacturing. Despite this progress, new lawsuits have emerged raising concerns about what sensitive data may have been exposed during the breach.

"The incident is now believed to be contained," Stryker said in an update released Monday morning. "Teams have been working around the clock alongside federal agencies and outside cybersecurity experts to restore systems tied to ordering, shipping and manufacturing."

The company said it has not found evidence that the attack spread beyond its internal environment or impacted customers, suppliers or medical devices used in patient care.

Malicious File Allowed Hackers to Hide in Systems

The March 11 attack caused widespread disruption across Stryker's internal Microsoft systems, impacting operations globally. A group calling itself "Handala Hack" claimed responsibility online, saying it carried out the attack and stole large amounts of data. Federal officials have since linked that group to Iran's Ministry of Intelligence and Security.

According to Stryker, the threat actor used a malicious file that allowed them to hide their activity while inside the company's systems. The company said that file was not capable of spreading, and it was never directed toward customers, suppliers, vendors or partners.

"Our teams are working rapidly to understand the impact of the attack on our systems," Stryker officials said on March 12. "Stryker has business continuity measures in place to continue to support our customers and partners. We are committed to transparency and will keep stakeholders informed as we know more."

The FBI announced over the weekend that it had seized websites tied to Handala Hack operations. Before the shutdown, the group published a statement claiming they had wiped over 200,000 systems, servers and mobile devices while extracting 50 terabytes of critical data.

Employee Lawsuits Claim Failed Data Protection

The fallout is now shifting to the courtroom. At least two lawsuits have been filed against Stryker in recent days, including one from a current employee who alleges the company failed to properly protect sensitive personal information.

The employee complaint claims data such as Social Security numbers and financial institution information may have been exposed and could already be circulating among cybercriminals. The employee reported seeing an increase in spam and scam attempts following the breach.

"It was really in and out," said cybersecurity investigator Dr. David Utzke. "Get in, do as much damage as you can, and get out."

Utzke said the attack likely began with a phishing attempt that allowed hackers to obtain administrator credentials, giving them access to internal systems. While early findings suggest the attack was contained within Stryker's network, he said any data taken could still be used to target individuals directly.

"If they were able to access HR-type systems, that information could be used to expand their attack by targeting people directly," Utzke said.

Attack Pattern Mirrors Broader Cyber Threats

The attack on Stryker appears to be part of a broader pattern. Dr. Utzke said more than 100 cyberattacks have been reported globally in recent weeks across industries ranging from healthcare to banking, many tied to groups operating out of or aligned with Iran.

The employee who spoke to MLive on condition of anonymity described being told to stay home multiple days since the hack, including on Friday, March 20, nine days after the incident. Some managers' phones were completely wiped, according to the worker.

"I just don't understand why everyday working people have to be affected on both sides," the employee said previously, "when we didn't make these decisions."

Stryker reported paying employees for their regularly scheduled time, including for any hours they were unable to work due to closures.

Company Background and Impact

Founded by Dr. Homer Stryker in Kalamazoo County, Stryker's global headquarters is located in Portage. The company offers an array of products and services in Medical and Surgical, Neurotechnology, Orthopaedics and Spine that aim to improve patient and healthcare outcomes.

Globally, the company employs more than 53,000 people and has offices across 61 countries. Stryker reported $25.1 billion in global sales for 2025.

The Portage facility, located at 1941 Stryker Way, serves as the global headquarters and is where the company manufactures medical devices.

Legal Challenges for Lawsuits

Despite the concerns raised in the lawsuits, legal experts say the cases may face significant hurdles. Under Michigan law, employees are typically limited to workers' compensation claims for workplace-related issues, which can shield employers from additional lawsuits unless there is evidence of intentional harm or fraud.

Law professor Mark Dotson said those exceptions do not appear to apply in this case, making it unlikely the lawsuits will succeed.

"While early findings suggest the attack was contained within Stryker's network, he said any data taken could still be used to target individuals directly."

The attack on Stryker comes at a time when cybersecurity threats are escalating globally, with Iranian-linked groups conducting sophisticated attacks against critical infrastructure and private sector companies.