The U.S. Cybersecurity and Infrastructure Security Agency, which oversees cybersecurity work in the United States, urged companies to strengthen security for device management systems after pro-Iran hackers infiltrated medical device company Stryker’s systems and remotely wiped tens of thousands of employee devices.
In a statement on March 19 local time, CISA confirmed that hackers accessed Stryker’s Windows-based network and then attacked its endpoint device management system. This caused ongoing disruption to Stryker’s global operations.
CISA recommended that network administrators configure device management systems such as Microsoft Intune to require approval from two administrators when carrying out sensitive or high-impact actions such as resetting devices. Stryker was using Intune to remotely manage employee devices.
Stryker, which develops hospital medical devices and equipment, officially confirmed the hacking damage on March 11 and said it was experiencing global network disruptions. The hackers did not distribute malware or ransomware. Instead, they accessed Stryker’s internal systems and remotely deleted data stored on tens of thousands of devices, including employees’ personal mobile phones and computers, via the Intune dashboard.
Chi-gyu Hwang
delight@d-today.co.kr