Stryker cyber attack ‘fully contained’ as Cork staff return to repair computers

Stryker chief executive Kevin Lobo said the cyber attack has now been “fully contained” and that the company is “in the restoration phase".

“We believe that this attack did not involve ransomware or malware, meaning there is no risk of system contamination," Mr Lobo said in a statement.

“Our employees and our sites are safe. Our products and our customers are also safe. Our teams are working closely with customers, government partners, and third-party experts to maintain business continuity.”

Mr Lobo said the impact of the cyber attack was limited to the company’s internal Microsoft environment.

“There will be additional steps in the coming days as we complete the recovery process, but I am confident that we will emerge from this stronger," he said.

“Moments like this test organisations, but they also reveal their strength. I’m incredibly proud of how our Stryker teams have come together, supporting one another and our customers, while staying focused on safety, quality, and our mission to make healthcare better.

“The work we do supports a global healthcare system that patient’s and clinicians rely on every day.”

Mr Lobo also thanked staff for their resilience during the cyber attack.

“While we never want situations like this to occur, we plan for these moments. Our mitigation protocols were quickly activated to protect our employees, our sites, and most importantly, our customers and the patients they serve,” he said.

Martin: Cyber attack should act as 'wakeup call'

The cyber attack on Stryker is "shocking" and should act as a "wakeup" call for some politicians, Taoiseach Micheál Martin has said.

Speaking at Fota House after the UK-Ireland summit, Mr Martin said: "I think it's quite shocking, but it's an illustration of how severe the threats are. Sometimes people perhaps don't realise the severity and impact of such cyber attacks, and this is a very modern company, providing thousands of jobs in Ireland and in Cork in particular. 

"And the idea that people can't go to work because of an attack of this nature, I think, brings home the reality of the threats that are out there to our economy and to our economic security. And it's very, very serious.

"We have heard the reports and people talking about an Iranian-backed hacking exercise here, which is extremely worrying. It's not a surprise that we have state actors in this field. Different state actors have been involved for quite some time... in foreign countries and the UK had similar experiences with manufacturing companies, which had an impact on their GNI figures that came out last year."

Mr Martin said  there was "a disconnect" in politics around the issues of cybersecurity. "The political world needs to wake up around us in terms of the threats to our economic activity," he said.

Foreign affairs minister Helen McEntee, speaking at the UK-Ireland summit, said justice minister Jim O'Callaghan would be bringing forward legislation which would require companies that fall victim to cyber attacks to notify the Government. She did not say if she would raise the issue with the Iranian ambassador in Ireland.

Tánaiste Simon Harris said he wanted companies which "locate in Ireland and invest in Ireland... to know this is something that we take extraordinarily seriously as a country".

Iranian links

An Iranian-linked hacktivist network known as Handala has claimed responsibility for the attack.

The group said the attack on Stryker was retaliation for the “brutal attack on the Minab school” in Iran, which it said killed more than 175 civilians, many of them children. The United States has been blamed for the bombing.

The attack on Stryker was a “wiper” attack, designed to destroy IT systems and their data. Such attacks are typically politically, rather than financially, motivated.

Help desks have been set up at all Stryker facilities to help staff regain access to their computers. Employees brought their computers back on site this morning to be repaired.

“Laptops are slowly being fixed,” one worker said.

Despite the IT breach, payroll has not been affected and staff are expected to be paid on time, the Irish Examiner understands.

Stryker employs about 5,000 people in Ireland and more than 56,000 worldwide. The company’s Dublin server remained down on Thursday evening, preventing production from restarting.

However, with a skeleton staff on site on Friday, the company said it could quickly ramp up operations once functioning servers were restored.

Employees whose laptops showed only a blue screen — an indication the device had been hacked — were told not to engage with any IT systems.

However, staff with functioning laptops were told on Thursday that they could log on. Production machines were being prioritised for repair.

Employees with mobile devices were told they could get back online on Thursday using the Outlook and Teams apps.