The Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations to strengthen the security of their device management systems following a significant cyber incident involving medical technology firm Stryker. Last week, hackers associated with a pro-Iran group known as Handala compromised Stryker's network, resulting in the deletion of data from thousands of employee devices, including personal phones and tablets.
Stryker confirmed on March 11 that it was experiencing widespread disruptions to its operations after the breach. Although the hackers did not use malware, they used their access to Stryker's Windows-based network to remotely wipe devices managed through Microsoft Intune. CISA advised network administrators to require dual approval for sensitive actions, such as wiping devices, to prevent similar incidents.
Currently, Stryker's medical devices remain functional, but its supply, ordering, and shipping systems are still offline. The company is in the process of restoring its systems but has not provided a timeline for full recovery. Meanwhile, the FBI has taken action against the Handala group's online presence following its claims of responsibility for the attack.