Stryker has announced that its global manufacturing network is fully operational once again following a cyberattack that caused significant disruptions to the company’s order processing, manufacturing and shipping capabilities.
Having initially reported worldwide disruption to its Microsoft environment on 11 March 2026, Stryker shared in early April that production is now “moving rapidly” toward peak capacity, supported by restored commercial, ordering and distribution systems.
“Overall product supply remains healthy, with strong availability across most product lines, as we continue to meet customer demand and support patient care,” the company adds via an update on its website. “Our work continues around the clock in close partnership with third‑party cybersecurity experts, relevant government agencies and industry partners as our investigation progresses, reflecting a shared commitment to protecting the healthcare ecosystem and supporting ongoing recovery efforts.
“Patient care remains our highest priority, with a continued focus on supporting healthcare providers and the patients they serve. This remains a 24/7 effort and the first priority of our entire organisation. We are grateful to our customers, healthcare professionals, partners and employees for their patience, partnership and continued trust.”
Via several updates throughout March, Stryker maintained that there was “no indication” the cyberattack was caused by ransomware or malware, and that it believed the incident was “contained”. The company also confirmed that the attack did not affect the security or safety of its products or devices, and that all Stryker products across its global portfolio—including connected, digital and lifesaving technologies—remained safe to use.
“Further into the course of our investigation, alongside Palo Alto Networks Unit 42 and other experts, we identified that the threat actor used a malicious file to run commands which allowed them to hide their activity while in our systems,” Stryker reported via an update on 23 March. “To be clear, this file was not capable of spreading—either inside or outside of our environment. Most importantly, at no point has our investigation identified malicious activity directed towards our customers, suppliers, vendors or partners.”
Within the same update, Stryker also acknowledged that some customers utilising its personalised implants were experiencing disruptions, with certain patient-specific cases scheduled for the week of 16 March having been rescheduled due to shipping delays the company was experiencing.
More details on the cyberattack and Stryker’s response to it can be found online here.
