On March 11, 2026 Stryker, a global medical-technology company operating in roughly 60 countries, reported a cybersecurity attack that was disrupting its global Microsoft environment. The company impacts more than 150 million patients annually and recorded $25.1 billion in 2025 global sales. Against that backdrop, Stryker's March 2026 cyberattack had a significant operational dimension. The company reported a global disruption to its Microsoft environment and later identified impacts to order processing, manufacturing, and shipping, while repeatedly stating that its products — including connected and life-saving technologies — remained safe to use.
The published timeline
Here's a summary of the information about the attack that was published by Stryker on their website:
What small businesses should take from this
There are valuable insights even small businesses can take away from the incident. One of the most significant is that cloud hosting does not guarantee security and availability. There are practical information-security steps that need to be taken — regardless of where workloads run.
Download our whitepaper to see what small businesses can learn from the attack on Stryker, and how the same questions translate into a working program for organizations a fraction of Stryker's size.
Copyright © 2026 Purple Dragon Cybersecurity B.V. All rights reserved. This publication is provided for general informational purposes only and does not constitute legal, regulatory, audit, or cybersecurity advice. References to third-party organizations, products, frameworks, or incidents are provided for commentary and educational purposes and do not imply endorsement, sponsorship, or affiliation.
