The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to companies to secure systems managing their fleets of employee devices following a breach by pro-Iran hackers into medical tech giant Stryker, resulting in the mass-wiping of thousands of phones, tablets, and computers.
The agency announced on Thursday its urging for companies to act, confirming hackers exploited access to Stryker’s Windows-based network, misused its device endpoint systems, and caused ongoing outages to global operations.
CISA advised network administrators to ensure user accounts with system access, like Microsoft Intune used by Stryker to manage employees’ devices, require a second administrator’s approval for sensitive changes like wiping devices.
Stryker, a developer of medical devices and equipment, confirmed on March 11 it was hacked, experiencing “global disruption” to its network.
The hackers did not deploy malware or ransomware but reportedly abused access to Stryker’s internal systems, using Intune dashboards to remotely delete data on tens of thousands of employee devices, including personal phones and computers on Stryker’s network.
Stryker stated it contained the attack and is restoring systems. While medical devices remain operational, supply, ordering, and shipping systems are still offline.
No timeline for recovery was provided, and Stryker did not respond to TechCrunch’s comment request.
Pro-Iran hacktivists known as Handala claimed responsibility for the cyberattack, citing retaliation for the U.S. air strike in Iran. They claimed to have stolen data but offered no immediate evidence.
The FBI seized Handala’s website on Wednesday, according to TechCrunch reports.