- CISA alerts companies to strengthen Microsoft Intune security after Stryker attack.
- Iran-linked group Handala claims responsibility, highlighting geopolitical cyber risks.
What happened: Stryker cyberattack prompts urgent security measures
Last week, medical device maker Stryker Corp suffered a cyberattack disrupting global operations, affecting systems managing orders, production, and shipments. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued guidance urging firms to reinforce Microsoft Intune, the endpoint management tool used for overseeing company devices and applications. An Iran-linked group, Handala, claimed responsibility, citing retaliation for an attack on a girls’ school in southern Iran. The FBI is collaborating with CISA to assess threats and advise on mitigation strategies. Stryker confirmed the attack was contained without affecting patient care, though some surgeries experienced delays. Bloomberg reported operational disruptions persisted for several days, and internal teams worked around the clock to restore normal functions. The advisory emphasises patching vulnerabilities, auditing device access, and implementing multi-factor authentication across critical endpoints.
Why this is important
The Stryker incident highlights the vulnerability of essential industries to geopolitical cyber threats. Endpoint management tools like Microsoft Intune are increasingly targeted because they provide centralised access across multiple devices, creating potential entry points for attackers. Healthcare providers are particularly exposed, as operational disruptions can delay critical treatments, even if clinical systems remain secure. This attack demonstrates how state-linked groups can weaponise technology against global businesses, affecting supply chains and international operations. It also reflects a wider industry trend, with ransomware and targeted attacks rising in 2026. Organisations managing critical infrastructure must prioritise digital resilience through proactive configuration hardening, continuous monitoring, and threat intelligence sharing. The CISA advisory serves as a wake-up call, urging all firms reliant on centralised platforms to review security measures and protect operational continuity. Lessons from Stryker’s response, including rapid containment and public communication, provide a model for handling similar attacks in the future.






