In March 2026, medical-device maker Stryker suffered a global network disruption that hit order processing, manufacturing and shipments — though no patient-related services or connected medical products were affected. Investigators found no malware or ransomware; instead attackers abused Stryker's Microsoft Intune environment via a compromised administrator account to remotely wipe a large number of devices. A pro-Iran group (Handala) claimed responsibility, framing it as retaliation, and the incident had a material impact on Stryker's first-quarter earnings. We discuss why destructive attacks through legitimate device-management tooling are so dangerous and the healthcare supply-chain risk.

Worried an admin account could be turned against your own fleet? Visit  ...