Breach taxonomy
Summary
On March 11, 2026, Stryker Corporation identified a cybersecurity incident affecting its Entra ID/Active Directory environment, servers, and workstations, causing a global disruption to its Microsoft environment. Upon detection, the Company activated its cybersecurity response plan, engaged Palo Alto Networks Unit 42 for DFIR, and involved Microsoft to assist with identity infrastructure recovery. Forensic analysis by Unit 42 identified and neutralized malicious binaries and unauthorized persistence mechanisms; all known IOCs were eradicated and no unauthorized activity was detected since 2026-03-11. As of 2026-03-20 Unit 42 confirmed no active, uncontained, persistent unauthorized access; impacted systems are being rebuilt or restored from pre-compromise backups, with isolated systems remaining offline pending recovery. Filed under Item 8.01; materiality not yet determined as of filing date.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to a specific actor; states only that there is no indication of ransomware or malware → UNKNOWN.