Stryker said on Thursday that its operations were improving gradually and moving toward full capacity after a cyberattack on March 11 disrupted multiple aspects of its business. The company said manufacturing capability was being ramped up quickly, with most sites and critical production lines restored, and that electronic ordering systems have been returned to service for customers.
Stryker reported that the cyber incident initially affected order entry, manufacturing and shipments, as well as remote devices that could access the company's computer platforms. Employees found that cellphones, laptops and other remote devices running Microsoft's Windows operating system had been impacted by the attack, according to the company's statement.
Shares of Stryker rose 2% after the company said it had made rapid progress in restoring manufacturing and order systems. The firm emphasized that it is working to reconcile outstanding orders, continue manufacturing products and deliver to customers as quickly and safely as possible.
The attack was claimed on the same day by a group that identified itself as Handala. The group said it carried out the action in retaliation for a strike on a girls' school in Minab, in southern Iran. Stryker said it is coordinating with external cybersecurity experts and with appropriate authorities; those authorities have attempted to seize domains linked to the hackers, the company added.
Stryker, which employs roughly 56,000 people and operates in 61 countries, did not provide additional operational details beyond the statement that most sites and critical lines are restored and that it is reconciling orders. The company said its teams are focused on continuing the safe restoration of operations and delivery of products to customers.
In its public update, Stryker underscored the steps it has taken since the March 11 incident to bring systems back online and to engage outside expertise to assess and remediate the breach. Electronic ordering functionality has been restored for customers, and the company said it is moving as quickly and safely as possible to complete order reconciliation, resume manufacturing activity and fulfill shipments.
Separately, the company noted the scope of the incident in terms of impacted device types and reiterated that work with authorities to disrupt hacker infrastructure is ongoing. No additional claims or technical findings were provided in the statement.
Additional commentary from market services highlighted that the company’s stock movement followed the operational update, reflecting investor attention to the rapid restoration of manufacturing capability and customer-facing systems.
Contact and next steps
Stryker indicated it will continue coordination with external cybersecurity experts and appropriate authorities while continuing production and order reconciliation activities. The company’s priority, according to the statement, remains the safe restoration of services and timely delivery of products to customers.