Stryker is now fully operational after a cyberattack took down its manufacturing, ordering and shipping operations.
The medtech company’s global manufacturing and commercial, ordering and distribution systems have been fully restored, according to a Thursday filing with the Securities and Exchange Commission.
Stryker said that the attack had a material impact on its operations, which will affect the company’s financial results for the first quarter of 2026. However, Stryker does not expect a material impact on its full-year guidance of 8% to 9.5% organic sales growth and adjusted earnings per share of $14.90 to $15.10.
The company did not detail the expected financial impact on the first quarter.
“Overall product supply remains healthy, with strong availability across most product lines, as we continue to meet customer demand and support patient care,” a company spokesperson said in an emailed statement to MedTech Dive.
Despite the cyberattack’s effect on the company’s first-quarter earnings, Wall Street analysts still see Stryker as a fundamentally strong company.
“We don’t believe shares were pricing in much of a durable impact even ahead of today’s update, but this still represents a positive update for Stryker that in our view further cements it as one of the best-executing names in our coverage worthy of a premium valuation,” J.P. Morgan analyst Robbie Marcus wrote in a Thursday note to investors.
RBC Capital Markets analyst Shagun Singh similarly backed Stryker, writing that “we continue to see [Stryker] as among the highest-quality, defensive names in our MedTech coverage delivering durable growth with a strong strategic focus that should position the company for a multi-year growth runway.”
Stryker was hit by a cyberattack on March 11, disrupting its internal Microsoft environment and taking down manufacturing, shipping and ordering across the company. The attack led to procedure delays due to shipping issues.
Stryker found that the threat actor used a malicious file to run commands and hide its activity while in the company’s systems; however, the file was not capable of spreading either inside or outside of Stryker’s environment.
The attack has been claimed by an Iran-linked threat actor tracked as Handala, according to Check Point Research. Along with the operational disruption, the group claims to have wiped thousands of servers and mobile devices and stolen data.
