At least two NHS trusts have declared internal incidents after a cyberattack disrupted the operations of global medical technology supplier Stryker, highlighting the growing vulnerability of healthcare supply chains to geopolitical cyber threats.

The attack, which targeted Stryker’s internal computer systems in March 2026, forced NHS procurement teams to assess potential disruption to the delivery of medical devices and equipment used in hospitals. Stryker supplies a wide range of critical products to health systems worldwide, including orthopaedic implants, defibrillators, surgical tools and ambulance equipment.

According to healthcare procurement sources, at least two NHS trusts declared incidents as a precaution after learning that the cyberattack had disrupted parts of the company’s operational systems. Local supply chain teams quickly reviewed stock levels and activated business continuity plans to ensure urgent equipment could still be obtained if deliveries were delayed.

Global disruption to Stryker’s digital infrastructure

Stryker confirmed that the cyberattack caused a “global network disruption” affecting parts of its corporate technology environment. The company reported that internal systems, including Microsoft-based infrastructure used by employees, experienced outages that temporarily limited access to certain business applications.

Although the company said there was no evidence that patient-facing systems or connected medical devices were compromised, the disruption affected operational processes such as order processing, manufacturing and product shipping.

The incident quickly drew attention from healthcare providers internationally because of Stryker’s role as one of the largest medical device manufacturers in the world. The company employs more than 56,000 people across 61 countries and generates more than $25 billion in annual revenue.

For NHS trusts that rely on the firm’s equipment, the disruption raised concerns about the resilience of global supply chains that underpin clinical services.

Iran-linked hacking group claims responsibility

Responsibility for the attack was claimed by a hacking group known as Handala, which cybersecurity analysts believe is linked to Iran’s intelligence infrastructure. The group said the operation was carried out in retaliation for a deadly missile strike on a school in the Iranian city of Minab, although the circumstances surrounding that event remain disputed.

Security researchers say the attack appears to have involved unauthorised access to Stryker’s internal systems rather than a traditional ransomware campaign. The company has reported no evidence of malware or ransomware within its networks, though investigators are still assessing the full scope of the breach.

The hackers claimed they had extracted large quantities of company data and wiped corporate devices across parts of the organisation’s global network. These claims have not been independently verified, but experts say the scale of the disruption demonstrates the growing capability of state-aligned cyber groups to target major healthcare technology suppliers.

Supply chain resilience under scrutiny

The incident has reignited debate about cybersecurity risks within healthcare supply chains. While many NHS organisations have strengthened their internal cyber defences in recent years, attacks on third-party suppliers remain a major vulnerability. Hospitals depend on a complex ecosystem of technology vendors, device manufacturers and digital service providers. A successful cyberattack on any part of that network can create operational disruption even if the hospital’s own systems remain unaffected.

Procurement experts say the Stryker incident illustrates how cyber risks can quickly translate into clinical supply concerns. In this case, trusts were forced to review contingency plans and source equipment from alternative suppliers to ensure essential services were not interrupted. The event also echoes previous cybersecurity crises that affected the NHS indirectly through technology dependencies. The 2017 WannaCry ransomware outbreak, for example, disrupted hospital operations across England by exploiting vulnerabilities in widely used software infrastructure.

Growing cyber threat to healthcare infrastructure

Cybersecurity analysts warn that healthcare technology companies may increasingly become targets in geopolitical cyber conflicts. Hospitals, medical suppliers and pharmaceutical companies operate large digital ecosystems and hold valuable operational data, making them attractive targets for cyber actors seeking disruption or strategic leverage. Experts say the Stryker attack reflects a broader shift in cyber warfare, where critical commercial infrastructure, including companies that support healthcare systems may be targeted during international tensions.

For NHS organisations, the incident serves as a reminder that cyber resilience extends beyond hospital networks to the wider digital supply chain that supports clinical care. Strengthening vendor cybersecurity standards, monitoring supply risks and improving contingency planning are likely to become increasingly important as health systems rely more heavily on connected medical technologies and global suppliers.

‍