03/23/2026
Our internal teams continue to work around the clock with external partners to make meaningful progress on our restoration efforts. We are grateful for the partnership and collaboration with government agencies and industry partners.
We believe the incident is contained, and we are prioritizing restoration of systems that directly support customers, ordering and shipping. Our internal teams, in partnership with third-party experts, reacted quickly to not only regain access but to remove the unauthorized party from our environment.
Early in our investigation, we believed there was no indication of ransomware or malware. Further into the course of our investigation, alongside Palo Alto Networks Unit 42 and other experts, we identified that the threat actor used a malicious file to run commands which allowed them to hide their activity while in our systems. To be clear, this file was not capable of spreading — either inside or outside of our environment. Most importantly, at no point has our investigation identified malicious activity directed towards our customers, suppliers, vendors or partners. Unit 42’s latest findings are included in a General Assurance Letter we received, which can be found below. This letter reaffirms our belief that this incident is contained and that analysis has not identified any evidence of the threat actor accessing customer, supplier, vendor and partner systems as a result of this incident.
There is nothing more important to us than the customers and patients we serve, and we recognize the criticality of every procedure to every patient. We are working closely with our global manufacturing sites as operations continue to stabilize. Manufacturing capability is ramping quickly as critical lines and plants are brought back online, prioritizing patient needs. This is a 24/7 effort and the first priority of our entire organization.
03/19/2026 6:05 p.m. ET
Our internal teams have continued to work around the clock with our external partners to make significant progress on our restoration efforts. We believe the incident has been contained, and we are prioritizing restoration of systems that directly support customers, ordering and shipping.
We have been focused on proactive outreach to and collaboration with government agencies and industry partners. We are in close contact with the White House National Cyber Director, FBI, CISA, DHA, HHS and H-ISAC and appreciate the ongoing support they have been giving us. We’re grateful to the government for their efforts to seize domains linked to the purported threat actors. Protecting the healthcare ecosystem against cyber threats is a priority that requires extensive public-private partnership. True to our commitment to transparency and a collective cyber defense, we are committed to sharing meaningful intelligence that strengthens the resilience of patient care worldwide.
As a reminder, this incident did not affect the security or safety of our products or devices. All Stryker products across our global portfolio, including connected, digital, and life-saving technologies, remain safe to use. Some of our customers that utilize our personalized implants are experiencing some disruptions. We understand that some patient-specific cases scheduled for the week of March 16 have been rescheduled due to shipping delays we are experiencing. There is nothing more important to us than the customers and patients we serve, and we recognize the criticality of every procedure to every patient. We are working as quickly and safely as possible to reconcile orders, manufacture product and deliver to our customers so they can continue to provide seamless patient care. This is a 24/7 effort and the first priority of our entire organization.
