CISOOnline

CISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian group

In a March 15 update, Stryker said all connected, digital and life-saving technologies used by customers remain safe to use. “This event was contained to Stryker’s internal Microsoft environment, and as a result it did not affect any of our products—connected or otherwise,” the statement said. No ransomware or malware was deployed, the company added.

In the Stryker incident, attackers hijacked a tool that companies trust every day, and used it to shut down operations on a global scale, commented Ismael Valenzuela, vice-president of threat intelligence at Arctic Wolf. “By abusing Microsoft Intune, they were able to remotely wipe more than 200,000 devices across 79 countries. The lesson is clear: no single login should ever have the power to cause irreversible damage,” he said.

“Destructive administrative operations like device wipes, mass policy changes, or tenant‑wide updates must require multiple approvals,” he added. “No one session, credential, or role should be able to take destructive action at scale without independent authorization. Organizations should immediately lock down endpoint management tools by tightly limiting admin access, enforcing multi‑party approvals, and continuously monitoring privileged activity so trusted platforms don’t become single points of failure.”
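
To illustrate the monitoring control described above, the following Python example (added here, not code from the article, Arctic Wolf or Microsoft) flags any identity that issues destructive device actions at scale without an independent approver. The event schema, field names, action names, thresholds and sample events are constructed assumptions and do not reflect Intune's actual audit log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

DESTRUCTIVE = {"wipe", "retire", "delete"}  # assumed action names

def _ev(time, actor, action, device, approver=None):
    return {"time": time, "actor": actor, "action": action,
            "device": device, "approver": approver}

# Constructed sample events in a simplified, hypothetical schema.
SAMPLE_EVENTS = [
    _ev("2030-01-01T09:00:00", "admin-a", "wipe", "dev-01"),
    _ev("2030-01-01T09:01:00", "admin-a", "wipe", "dev-02"),
    _ev("2030-01-01T09:02:00", "admin-a", "wipe", "dev-03", "admin-a"),  # self-approved
    _ev("2030-01-01T09:03:00", "admin-a", "sync", "dev-04"),
    _ev("2030-01-01T09:00:00", "admin-b", "wipe", "dev-10", "admin-c"),
    _ev("2030-01-01T09:01:00", "admin-b", "wipe", "dev-11", "admin-c"),
    _ev("2030-01-01T09:02:00", "admin-b", "wipe", "dev-12", "admin-c"),
    _ev("2030-01-01T08:00:00", "admin-d", "wipe", "dev-20"),
    _ev("2030-01-01T12:00:00", "admin-d", "wipe", "dev-21"),
    _ev("2030-01-01T16:00:00", "admin-d", "wipe", "dev-22"),
]

def find_unapproved_bulk_actions(events, threshold=3, window=timedelta(minutes=10)):
    """Alert on actors with >= threshold distinct devices hit inside `window`,
    counting only destructive actions not approved by a different identity."""
    per_actor = defaultdict(list)
    for ev in events:
        if ev["action"] not in DESTRUCTIVE:
            continue
        if ev["approver"] and ev["approver"] != ev["actor"]:
            continue  # independently authorized; self-approval does not count
        per_actor[ev["actor"]].append((datetime.fromisoformat(ev["time"]), ev["device"]))
    alerts = []
    for actor, items in sorted(per_actor.items()):
        items.sort()
        start, best = 0, set()
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1  # slide the window forward
            devices = {dev for _, dev in items[start:end + 1]}
            if len(devices) > len(best):
                best = devices
        if len(best) >= threshold:
            alerts.append({"actor": actor, "devices": sorted(best)})
    return alerts

if __name__ == "__main__":
    for alert in find_unapproved_bulk_actions(SAMPLE_EVENTS):
        print("ALERT", alert["actor"], alert["devices"])
```

In the sample data only `admin-a` is flagged: `admin-b`'s wipes carry a second identity's approval, and `admin-d`'s are spread over hours rather than issued in a burst.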


