
The who, what, and why of the attack that has shut down Stryker's Windows network

Ars Technica / 3/13/2026


Key Points

  • Stryker confirmed a cyberattack disrupted its Microsoft environment, with social media posts and Irish Examiner reports indicating that Handala Hack, a group aligned with the Iranian government, claimed responsibility.
  • The company says the incident appears contained and limited to its internal Microsoft ecosystem, with no evidence of ransomware or malware affecting operations.
  • Despite the disruption, Lifepak, Lifenet, and Mako devices kept functioning, enabling continued patient monitoring and care during the incident.
  • A Securities and Exchange Commission filing noted there is no timeline for returning to normal day-to-day activities, signaling ongoing recovery efforts.

Within hours of the US and Israel launching airstrikes on Iran two weeks ago, security professionals warned organizations around the world to be on heightened watch for destructive retaliatory hacks. On Wednesday, the predictions appeared to come true as Stryker, a multinational maker of medical devices, confirmed a cyberattack that took down much of its infrastructure, and a hacking group long known to be aligned with the Iranian government claimed responsibility.

Where things stand

When and how did the attack come about?

The first indications were social media posts and a report from a news organization in Ireland. Messages posted by purported Stryker employees or their family members on social media said workers’ phones and computers had been wiped. A report the Irish Examiner published Wednesday morning, citing multiple anonymous sources, made the same claims and said some employees witnessed login pages on wiped devices displaying the logo of Handala Hack, a group that researchers who have followed it for years say is aligned with the Iranian government.

What is the status now?

Stryker said Thursday that it’s in the midst of responding to a “global network disruption to our Microsoft environment as a result of a cyber attack.” The update went on to say responders have no indication that ransomware or malware—the usual causes for such outages—were involved. The responders believe the incident is now contained and limited to the internal Microsoft environment.

The company did say that Lifepak, Lifenet, and Mako devices—which medical professionals use to monitor for and control heart attacks, manage and transmit patient information in real time, and perform surgeries—were all functioning normally. In a Securities and Exchange Commission filing on Wednesday, Stryker said it had no timeline for recovering normal day-to-day activities.