ACCORDING to the SEC Form 8-K filing, on 11 March 2026 Stryker disclosed a cybersecurity incident that caused a global disruption to its Microsoft environment, with the company later confirming that the disruption affected order processing, manufacturing, and shipping while its medical products and patient services remained unchanged.
The incident is described as non-ransomware and not malware-driven, with authorities pointing to an identity compromise and abuse of Microsoft Intune administrative capabilities rather than a traditional intrusion. Handala Hack Team claimed responsibility, and public reporting suggested that as many as 80,000 devices may have been wiped within hours, though Handala’s larger figure of more than 200,000 devices and 50 TB of data exfiltration is not considered verified.
By 17 March 2026 Stryker said the attack had been contained and that restoration was prioritised for customer-facing systems, with the same note that products like Mako, Vocera, and LIFEPAK were not affected. The incident underscores how a compromised cloud admin plane can drive enterprise-wide disruption without malware, and it highlights the importance of safeguarding Entra ID, Intune, privileged roles, and recovery workflows.