Customer Updates: Stryker Network Disruption

11-Mar-2026
stryker-logo-thumbnail

03/13/2026 5:15 p.m. EST

Stryker is responding to a global network disruption to our Microsoft environment as a result of a cyber attack. We have no indication of ransomware or malware and believe the incident is contained.

Our teams are working to understand the full impact to our internal environment, and while we continue to investigate, below are responses to some of your inquiries:

Are Vocera and care.ai owned by Stryker? Yes. In 2022, Stryker Corporation acquired Vocera Communications, Inc. and in 2024 acquired Vuaant, Inc., d/b/a care.ai. Both entities are wholly owned subsidiaries of Stryker Corporation and operate under Stryker's Smart Care business unit.

Are Vocera Edge, Vocera Ease and care.ai impacted? The cloud infrastructures for these services were not impacted. Our Amazon Web Services (AWS) and Google Cloud Platform (GCP) infrastructure systems, utilized by Vocera Edge, Vocera Ease and care.ai, were not affected by the global network disruption.

Are on-premise deployments of Vocera products impacted, especially with those that have VPN connections back to Stryker? No, not impacted. Those products are deployed on customer infrastructure, and their operations do not require connectivity to Stryker systems.

Please review additional details below regarding the safety of our products:

Vocera Voice – Vocera Voice is deployed on customer-provided and customer-managed infrastructure. Its operation does not require connectivity to Stryker Corporate systems, and there is no operational dependency between customer Vocera Voice environments and the affected Stryker infrastructure.

Vocera Edge (including AWS Cloud), Vocera Engage, and Vocera Platform – These areLinux-based products that do not rely on Microsoft Windows, rendering them not susceptible to this specific attack vector. Vocera Edge, including instances hosted on AWS, operates on infrastructure that is architecturally independent of the affected Stryker Corporate systems. The remote systems and connection paths used to maintain these products are isolated from the impacted environment. 

care.ai Platform (Google Cloud Platform) – The care.ai Platform is hosted onGCP, which is architecturally independent of the affected Stryker Corporate systems. The incident did not extend to GCP infrastructure or the care.ai application. The system continues to operate normally. 

Vocera Ease (Amazon Web Services) – Vocera Ease is hosted on Amazon Web Services (AWS) and operates entirely within AWS infrastructure, which is architecturally independent of the affected Stryker Corporate systems. While Vocera Ease utilizes Azure Entra ID for identity and authentication services, this component was not within the attack vector and was not impacted by the incident. Vocera Ease continues to operate normally.

Our Corporate Cyber Security and Product Security Teams maintain ongoing monitoring for anomalies as part of standard operations.  We have verified that customer data flows are operating as expected and will continue to actively monitor system performance. In addition to certain other precautionary actions, we have heightened the frequency of security scans across all cloud environments and are conducting a comprehensive review of access controls to ensure continued integrity of customer data.

We remain committed to full transparency throughout this process. We will keep you updated as we have more information.

 

03/13/2026 3:30 p.m. EST

Stryker is responding to a global network disruption to our Microsoft environment as a result of a cybersecurity attack. We have no indication of ransomware or malware and believe the incident is contained.

Our teams are working to understand the full impact to our internal environment and while we continue to investigate, below are responses to some of your inquiries.

We can confirm Stryker's Surgical Visualization Platforms and Connected OR Hub, as well as server and cloud products from Stryker's Endoscopy business, including Studio3, Datamediator, Hospital Status, and Cisco Codecs, are not impacted.

These products do not rely on or integrate with Stryker’s internal environment. Due to the nature of the product’s architecture and its separation from the affected systems, there is no exposure pathway related to this incident.

Can I continue to use these products in surgery? Yes. You may continue to use these products as intended during surgery.

Are these products safe to remain on the hospital network? Yes. The safety of these products has not been impacted by this cybersecurity attack.

We are committed to keeping our stakeholders informed as we manage this situation. There is nothing more important to us than the customers and patients we serve. Please visit this page for the most up to date communication.

 

03/13/2026 3:23 p.m. EST

We are continuing to resolve the disruption impacting our global network, resulting from the cyber attack.

Our full-service Sustainability Solutions support for collections of used devices as part of our reprocessing program will continue. There may be some minor interruptions, but you can have confidence that your local Stryker service team member will be collecting at your facilities according to their normal schedule.

Please contact your local Stryker sales rep or service team member with any questions.

 

03/13/2026 3:13 p.m. EST

Stryker is responding to a global network disruption to our Microsoft environment as a result of a cyber attack. We have no indication of ransomware or malware and believe the incident is contained.

Our teams are working to understand the full impact to our internal environment and while we continue to investigate, below are responses to some of your inquiries:

Who do I direct all product-related questions to? Please direct all questions to your local sales representative, as they will have the latest information on system status and product availability.

Can I place orders and plan to receive products from Stryker’s Sage business? If you order through distribution networks, please work with your distributor to continue normal ordering patterns. If you order directly through Stryker, we are actively working on shipping timelines and will provide updates as soon as they become available.

Is there a plan in place to handle the backlog of orders? We will be running additional shifts and personnel to facilitate any potential backlog while working closely with distributors and customers. Your Stryker representative and distribution representatives will have the most up-to-date information as it becomes available.

Please reach out with further feedback, and we will keep you updated as we have more information.

 

03/13/2026 3:11 p.m. EST

Stryker is responding to a global disruption in our Microsoft environment as a result of a cyber attack. We have no indication of ransomware or malware and believe the incident is contained. 

Our teams are working to understand the full impact to our internal environment, and while we continue to investigate, below are responses to some of your inquiries for the SurgiCount and Triton applications and EMR connectivity, including: 

• SurgiCount Gen2 Android Barcode Application 

• SurgiCount+ Gen2 RFID Application 

• SurgiCount+Triton Gen3 Application 

Is the product safe to use? Yes, SurgiCount and Triton devices are safe to use; connected or offline. 

Are my SurgiCount or Triton Devices impacted? No, the devices are not impacted. 

Do I need to restart devices? No, you do not need to take any action. 

Can the device be used offline? Yes, SurgiCount and Triton devices can work without WiFi for up to 30 days. While offline, wound packing, prior quantitative blood loss (QBL) completion and realtime notifications are not available, including EMR connectivity. Refer to the IFU for additional details. 

Is SurgiCount a cloud-based system? Yes. SurgiCount operates within a dedicated, isolated cloud environment that is architecturally separate from other Stryker systems. SurgiCount has no interface with, or dependency on, Stryker’s corporate Microsoft environment. 

Does the device connect to the Stryker internal network or an independent network? By design, SurgiCount operates independently of Stryker’s Microsoft environment, with no standard network pathway between the two environments. 

Please reach out with further feedback, and we will keep you updated as more information becomes available.

 

03/12/2026 9:13 p.m. EST

Media Statement:

On March 11, 2026, we experienced a cybersecurity attack which resulted in a global disruption to Stryker’s Microsoft environment. Upon detecting this incident, we quickly activated our incident response plan and launched an investigation with the support of external advisors and cybersecurity experts. 

Importantly, the incident is contained to Stryker’s own internal Microsoft environment. There is no malware or ransomware detected. Our connected products are not impacted and are safe to use. 

This incident has caused disruptions to order processing, manufacturing and shipping. However, we are working diligently to restore our systems and above all, we are committed to ensuring our customers can continue to deliver seamless patient care. 

We implemented business continuity measures to support our customers and partners to the fullest extent possible. We will provide updates as services begin to come back online.

Our investigation into the nature and scope of this incident remains ongoing and is in its early stages. We are collaborating with law enforcement and our government agency partners to share meaningful intelligence about this incident as we learn more.

 

For media inquiries related to the global network disruption, please contact MediaRelations@stryker.com

 

03/12/2026 2:24 p.m. EST

Stryker is responding to a global network disruption to our Microsoft environment as a result of a cyber attack. We have no indication of ransomware or malware and believe the incident is contained.

Our teams are working to understand the full impact to our internal environment and while we continue to investigate, below are responses to some of your inquiries:

Are my LIFEPAK Devices impacted? No, the devices are not impacted. These devices have their own security protocols and operate completely independently of the Stryker network.

Do I need to restart devices or remove batteries on my device? No, you do not need to take any action.

Is it safe to transmit via LIFENET System? Our LIFENET system continues to function normally with no impact from the disruption. We have verified customer information is flowing as expected and will continue to monitor system performance. We have also taken additional precautions to further secure the system due to the critical nature of the customer data.

We have been made aware that some ePCR vendors and/or hospital systems may have temporarily paused transmissions. If you are experiencing this issue, please contact your ePCR vendor or Hospital administrators.

Please reach out with further feedback and we will keep you updated as we have more information.

 

03/12/2026 10:43 a.m. EST

Stryker is responding to a global network disruption to our Microsoft environment as a result of a cyber attack. We have no indication of ransomware or malware and believe the incident is contained. 

Our teams are working to understand the full impact to our internal environment and while we continue to investigate, below are responses to some of your inquiries: 

Is the Mako System connected? The Mako System for hip, knee and shoulder procedures is not a connected device. 

For Mako plans, what layers of security do we have built into our USB's/flash drives? Stryker has several layers of data security built into our flash drives including encryption for data and automated quality checks that will display an error message if the uploaded plan does not match the expected plan. We have confirmed there is no malware that can be downloaded and the disruption is impacting our internal Microsoft environment. 

Can I use the Mako plan that was downloaded prior to today? Yes, we have the capabilities to locally plan the case directly on the Mako System for total and partial knees in addition to planning on the MPS laptops. Reps can hand carry the CD directly to the system and plan on the system without requiring any connectivity. 

Please reach out with further feedback and we will keep you updated as we have more information.

 

03/12/2026 12:32 a.m. EST

We are continuing to resolve the disruption impacting our global network, resulting from the cyber attack. 

At this time, there is no indication of malware or ransomware and we believe the situation is contained to our internal Microsoft environment only. 

Our products like Mako, Vocera and LIFEPAK35 are fully safe to use. 

We have visibility to the orders entered before the event, and they will be shipped as soon as our system communications are restored. Any orders that have come in after the event are being examined.

We are working to ensure our electronic ordering system is back up and running as quickly as possible.

It is safe to communicate with Stryker employees and sales representatives by email and phone, and within your facility.

We are committed to keeping our stakeholders informed as we manage this situation. There is nothing more important to us than the customers and patients we serve. Please visit Stryker.com/newsroom for daily updates.

 

03/11/2026 

Stryker is experiencing a global network disruption to our Microsoft environment as a result of a cyber attack. We have no indication of ransomware or malware and believe the incident is contained. 

Our teams are working rapidly to understand the impact of the attack on our systems.

Stryker has business continuity measures in place to continue to support our customers and partners. We are committed to transparency and will keep stakeholders informed as we know more.