According to a press release, Stryker Corporation recently “experienced a cybersecurity attack which resulted in a global disruption to Stryker’s (internal, corporate) Microsoft environment.” A cyberterrorist organization, Handala, reportedly claimed responsibility for the cyberattack. In a social media post, Handala claimed to have wiped data from more than 200,000 devices across 79 countries. Stryker announced being “in close contact with the White House National Cyber Director, FBI, CISA, DHA, HHS and H-ISAC” and that Stryker is “grateful to the government for their efforts to seize domains linked to the purported threat actors.”
In addition to providing regular updates to its press release, Stryker has filed several Form 8-K reports with the SEC following the cyberattack. According to the SEC, Form 8-K reports are “for reports of nonpublic information required to be disclosed” by publicly traded companies soon after “a material cybersecurity event.” Stryker filed at least three Form 8-K reports in the days following the cyberattack: the first on March 11, the second on March 12, and the third on March 23.
Stryker reported in its March 12 Form 8-K report that “its operations continue to be disrupted, including its order processing, manufacturing and shipping.” By March 15, Stryker announced the cyberattack “was contained to Stryker’s internal Microsoft environment, and as a result it did not affect any of [Stryker’s] products.” On March 19, Stryker announced that some customers who utilize Stryker’s “personalized implants are experiencing some disruptions,” and that “some patient-specific cases scheduled for the week of March 16 have been rescheduled due to shipping delays.”
Stryker provided additional updates on March 23. Its March 23 Form 8-K report explained that “the threat actor used a malicious file to run commands which allowed it to hide its activity while in its systems,” but emphasized that Stryker has “not identified malicious activity directed towards its customers, suppliers, vendors or partners.” The March 23 8-K report also included a letter from a third-party advisor, who explained that “[c]urrently available evidence indicates that the identified unauthorized activity has been contained and the immediate risk to Stryker’s operational environment has been mitigated.” Stryker included that letter with its latest press release, stating “[t]his letter reaffirms our belief that this incident is contained and that analysis has not identified any evidence of the threat actor accessing customer, supplier, vendor and partner systems as a result of this incident.”