Stryker says hospital tools are safe, but digital ordering systems still down after cyberattack
Electronic ordering systems belonging to the medical device company Stryker are still down a week after a cyberattack believed to have wiped thousands of company devices of all information.
The Fortune 500 company produces a wide range of digital tools for hospitals, emergency medical equipment, disposable products for surgical procedures and implants used for hip, knee and shoulder replacements. Since Wednesday, Stryker has dealt with company-wide technology outages that caused factory closures and work disruptions at its locations in multiple countries.
In an update on Sunday afternoon, Stryker officials said that while the company works to bring its electronic ordering systems back online, sales representatives would coordinate directly with customers to replenish goods through manual methods.
“Orders placed prior to the disruption will be reconciled as systems are restored, and electronic orders placed during the disruption will process once systems are back online, and supply is flowing normally,” the company said.
Healthcare devices safe
Stryker officials went to great lengths to tell customers that all of its connected digital products are safe for healthcare facilities to use. Several statements released on Friday and Sunday imply the company is getting a deluge of questions about the safety of the software and hardware deployed at hundreds of hospitals around the world.
The cyberattack “was contained to Stryker’s internal Microsoft environment, and as a result it did not affect any of our products — connected or otherwise,” Stryker said.
The company told customers that it went through a previously-established protocol to confirm that its “connected products were not impacted by the incident and remain safe to use.”
Stryker said its connected beds and stretchers were not impacted because the devices “have their own security protocols and operate completely independently of the Stryker network.”
The company has dozens of other technological tools embedded in hospital networks and confirmed to customers that none of them were impacted by the cyberattack. This includes the Vocera Voice hands-free, voice-controlled communication system and the Care.ai sensor system used in hospital rooms.
Stryker's Surgical Visualization Platforms, endoscopy business, the surgical sponge management system and other products can continue to be used during surgeries, the company explained.
The company added that it is safe for Stryker employees to be onsite at hospitals as well as healthcare facilities and that there is no danger in communicating by phone or email with the company’s staff.
The company did not provide a timeline for when systems would be restored but said it is focusing on the platforms that handle ordering, shipping and customer support.
The attack on Stryker was claimed by an Iranian-aligned group called Handala. In a statement, the group said it targeted Stryker because of its work with the U.S. Defense Department. Stryker has not confirmed whether the incident has been officially attributed to Iranian cyber actors.
Stryker said last week that no ransomware or malware was involved in the incident, and employees reported that any devices with Microsoft Intune installed had been wiped clean. Stryker uses Microsoft Intune to manage all company devices, and cybersecurity experts said it has a feature that would allow someone with administrative access to wipe all devices.
Incident responders at Cisco Talos said last week that the attack “was almost certainly executed by compromising high-level administrative accounts, based on our identification of hundreds of leaked Stryker credentials on the dark web.”
“The threat actors likely gained access to Stryker’s Microsoft Intune management console, within which they reportedly weaponized the platform's native remote wipe feature to simultaneously reset connected corporate devices,” the company said. “This living-off-the-land (LOTL) technique allowed the group to cause widespread destruction and data loss, possibly without the need for traditional wiper malware.”
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.



