A cyberattack claimed by pro-Iran hackers has caused a “global network disruption” to a major US medical device maker, according to a company statement.
Michigan-based Stryker “is experiencing a global network disruption to our Microsoft environment as a result of a cyberattack,” the company said in a statement to CNN. “We have no indication of ransomware or malware and believe the incident is contained. Our teams are working rapidly to understand the impact of the attack on our systems. Stryker has business continuity measures in place to continue to support our customers and partners.”
Stryker Corporation manufactures a wide range of hospital equipment, including defibrillators and ambulance cots. The company’s computer systems in Ireland were also affected by the cyberattack, according to local media reports. Stryker says its medical equipment and services support more than 150 million patients worldwide.
Read Also – Newsom announces $1B in Proposition 1 funding for behavioral health facilities
It was not immediately clear whether the breach had any direct impact on Stryker’s ability to supply equipment to hospitals in the United States. Cybersecurity leaders across the healthcare sector told CNN on Wednesday that they were closely monitoring the situation for potential effects.
One system reportedly affected by the cyberattack at Stryker Corporation was an IT platform known as Lifenet system, which emergency responders use to send patient data to hospitals.
The Maryland Institute for Emergency Medical Services Systems, which oversees emergency medical services in Maryland, informed hospitals on Wednesday that it had received multiple reports indicating that Stryker’s Lifenet electrocardiogram transmission system was “non-functional in most parts of the state.”
“Until the transmission capability has been restored, EMS clinicians should initiate radio consultation with the receiving hospital,” read the notice from the Maryland emergency services agency, which CNN obtained.
“A message was sent in abundance of caution until the situation can be resolved,” Todd Abramowitz, a spokesperson for the agency, told CNN in an email when asked for comment. “No effect on patient care, paramedics convey their interpretation verbally as they do all the time, routinely.”
The cyberattack appears to be one of the first significant pro-Iranian hacking incidents targeting U.S. infrastructure since the United States and Israel began airstrikes in Iran last month. U.S. intelligence officials had previously warned that hackers linked to Tehran could carry out retaliatory cyberattacks following the bombing campaign.
In a social media post on Wednesday, the group claiming responsibility for the attack said the breach of Stryker Corporation was retaliation for a missile strike on an elementary school in Iran. Iranian state media reported that the strike killed at least 168 children. The U.S. Department of Defense, also known as the Pentagon, is currently investigating the incident.
Meanwhile, federal agencies including the U.S. Department of Health and Human Services were assessing the potential impact of the cyberattack on patient care, sources familiar with the response told CNN on Wednesday.
A Wednesday evening call organized by the Healthcare and Public Health Sector Coordinating Council—an industry group that collaborates with the government to strengthen security in the healthcare sector—was brief and provided little new information about the Stryker breach, according to a source who participated in the call.
Hospitals are assessing whether they need to disconnect Stryker Corporation equipment from their hospital systems.
“Stryker needs to quickly become more forthcoming as hospitals are faced with dilemma of whether to cut off Stryker or not,” a cybersecurity executive in the health care sector told CNN. “Stryker publicly claims situation is ‘contained.’
The Wall Street Journal first reported the pro-Iran cyberattack, after which shares of Stryker Corporation fell by more than 3%.
Hackers linked to Iran had largely remained quiet in terms of attacks on U.S. organizations since the conflict began last month.
Proofpoint, an email security firm, said on Wednesday that its monitoring of known Iranian hacking groups had identified only one cyber campaign since the war began—an attempt to breach the account of an employee at a United States think tank.
“Too much of cybersecurity is focused on lower consequence breaches from financially motivated enemies, while we’re increasing our exposures to nation states and other enemies who seek to disrupt and destroy,” Joshua Corman, a cybersecurity expert who has focused on the health sector for years, told CNN. “China, Iran, Russia, etc. all have the means, motive, and opportunity to deal us devastating disruptions.”
Despite the US and Israel’s bombardment of Iranian government facilities, Wednesday’s hack showed that Tehran still has hackers capable of inflicting damage, cybersecurity analysts said.
“Cyber operations don’t require much infrastructure,” said Alex Rose, global head of government partnerships at cybersecurity firm Sophos. “A laptop and an internet connection can be enough to reach out and wreak havoc.”
