This week's cyberattack on medical technology company Stryker, which appears to have taken tens of thousands of systems offline, is a sobering reminder of how important it is for businesses to have strong and tested plans for business continuity and disaster recovery. The Iranian terrorist group Handala said it was behind the attack.
They said it was revenge for a recent airstrike on a school in Iran that reportedly killed more than 160 children and for the company's supposed ties to Israel. Handala said in a post on X that it had deleted about 200,000 Stryker "systems, servers, and mobile devices" and stolen 50 terabytes of company data. The group said, "Stryker's offices in 79 countries have had to close."
"The free people of the world now have all the information they need to make real progress for all of humanity." The $25 billion company Stryker called the incident on Wednesday a "global network disruption to its Microsoft environment," which it thought had been fixed. "Separating privileges is also very important."
Iozzo says that companies should only give global admin rights to a small number of "break-glass" accounts, especially in cloud environments. Routine administration across different environments should be done with separate, lower-privilege accounts for each task.
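An added example, not from the article or any vendor tool, of how a defender might audit a directory export against that guidance: only an allow-listed handful of break-glass accounts hold global admin, no per-task admin account spans more than one environment, and break-glass accounts are never seen doing routine work. The account names, role strings and sign-in entries are constructed.

```python
# Added example: audit role assignments and sign-ins against the
# "few break-glass global admins, separate per-task accounts" rule.
# All names, roles and log entries below are constructed sample data.
from collections import defaultdict

GLOBAL_ADMIN = "Global Administrator"

# Constructed directory export: (account, role, environment)
ASSIGNMENTS = [
    ("breakglass-01@example.test", GLOBAL_ADMIN, "tenant"),
    ("breakglass-02@example.test", GLOBAL_ADMIN, "tenant"),
    ("jdoe@example.test", GLOBAL_ADMIN, "tenant"),        # finding: daily-use account with GA
    ("jdoe-exadmin@example.test", "Exchange Administrator", "m365"),
    ("jdoe-azadmin@example.test", "Owner", "azure-prod"),
    ("ops-shared@example.test", "Owner", "azure-prod"),
    ("ops-shared@example.test", "Owner", "azure-dev"),    # finding: one account spans environments
]

# Constructed sign-in log: (account, action performed)
SIGNINS = [
    ("breakglass-01@example.test", "reset_user_password"),  # finding: routine use of break-glass
    ("jdoe-exadmin@example.test", "set_mailbox_rule"),
]

# Hypothetical allow-list of the only accounts permitted to hold global admin
BREAKGLASS = {"breakglass-01@example.test", "breakglass-02@example.test"}

def audit(assignments, signins, breakglass, max_breakglass=2):
    """Return a list of (account, finding) tuples; empty list means clean."""
    findings = []
    ga_holders = {acct for acct, role, _ in assignments if role == GLOBAL_ADMIN}
    # 1. Global admin granted to anything outside the break-glass allow-list
    for acct in sorted(ga_holders - breakglass):
        findings.append((acct, "global admin outside break-glass set"))
    # 2. The break-glass set itself has grown beyond the agreed size
    if len(ga_holders & breakglass) > max_breakglass:
        findings.append(("*", f"more than {max_breakglass} break-glass global admins"))
    # 3. A lower-privilege admin account that reaches across environments
    envs = defaultdict(set)
    for acct, role, env in assignments:
        if role != GLOBAL_ADMIN:
            envs[acct].add(env)
    for acct, env_set in sorted(envs.items()):
        if len(env_set) > 1:
            findings.append((acct, "admin role spans environments: " + ",".join(sorted(env_set))))
    # 4. Break-glass credentials used for day-to-day work instead of emergencies
    for acct, action in signins:
        if acct in breakglass:
            findings.append((acct, f"break-glass account used for routine action {action}"))
    return findings

def run_audit():
    return audit(ASSIGNMENTS, SIGNINS, BREAKGLASS)
```

Each finding maps to one of the separations the article calls for, so the output doubles as a checklist for the BCDR review.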
Collin Hogue-Spears, senior director of solution management at Black Duck, says that BCDR programs often assume that the management plane, identity infrastructure, and corporate communications will survive the attack. But a wiper attack that is meant to wipe out data for good breaks all three of these assumptions at the same time. Collin says, "CISOs need to rebuild BCDR plans based on a total-loss wiper scenario, not a recoverable ransomware scenario."
That means having backups that can't be changed and are separate from the main identity plane, communications that don't rely on corporate infrastructure, and recovery runbooks that assume no endpoints will work on day one.