Stryker attack remotely wipes tens of thousands of devices while products remain safe
Mar 17th 2026
Stryker says its medical products are safe after a cyberattack that remotely wiped tens of thousands of employee devices via Microsoft Intune; the company is restoring ordering and shipping systems while investigators probe the intrusion.
- Attack was limited to Stryker’s internal Microsoft environment and did not affect medical devices.
- A threat actor used Microsoft Intune wipe commands after compromising an administrator account and creating a new Global Administrator account.
- A source told BleepingComputer nearly 80,000 devices were erased on March 11 between 05:00 and 08:00 UTC, while the attacker claimed over 200,000 wiped and 50 terabytes stolen.
- Stryker says the incident was not ransomware, investigators found no evidence of data exfiltration, and no malware was deployed.
- Electronic ordering and transactional systems are offline and customers must place orders manually while recovery and shipping are being restored.