March attack linked to Iranian threat actor Handala
Stryker has restored most manufacturing sites and critical lines roughly two weeks after the company suffered a cyberattack.
The company is working with its global manufacturing sites as “operations steadily improve towards full capacity,” a spokesperson said in a statement emailed to the website MedTech Dive. Stryker is making “strong progress” on restoring underlying systems that support production and fulfillment.
Stryker’s electronic ordering system, which was shut down due to the attack, has been restored for customers. The Portage, Michigan-based company is “working as quickly and safely as possible to reconcile orders, manufacture products and deliver to our customers so they can continue to provide seamless patient care,” the spokesperson said.
The spokesperson declined to comment on whether Stryker has a timeline for full restoration of its operations, and whether the financial and material impact on the company is yet known.
On 11 March, Stryker was hit by a cyberattack that disrupted its internal Microsoft environment, affecting order processing, shipping and manufacturing across the company. Stryker has been working to restore operations over the past several weeks.
The attack has been claimed by an Iran-linked threat actor tracked as Handala, according to Check Point Research. The group claims to have wiped thousands of servers and mobile devices and stolen data. The attack also led to the delay of procedures scheduled for the week of 16 March due to shipping delays, according to Stryker.
Stryker – which manufactures orthopedic products like implants and surgical robotics, as well as other medical equipment – said two weeks ago that the attack was contained and it was beginning to restore operations.
In a 19 March statement, the company said it was working with US government agencies and industry partners like the White House National Cyber Director, FBI, Cybersecurity and Infrastructure Security Agency and the Department of Health and Human Services.
In an investigation with cyber security experts, including Palo Alto Networks’ Unit 42, Stryker identified that a threat actor used a malicious file to run commands, allowing it to hide its activity while in the company’s systems, according to a filing with the Securities and Exchange Commission. However, the file was not capable of spreading either inside or outside of Stryker’s environment.
“As of the date of this report, the Company’s investigation has not identified malicious activity directed towards its customers, suppliers, vendors or partners,” Stryker stated in the 12 March filing.
The attack was the first of two that hit the medtech industry in one week. On 12 March, Intuitive Surgical said that it had been hit by a phishing incident that compromised customer and employee data.
Stryker employs more than 4,100 people in research and development and manufacturing across six sites in Cork, which also host the company’s European operations leadership.
Cybersecurity Dive


