The Stryker 'Device Wipe': When the Operating Room Went Dark
The first call came at 6:12 AM Eastern on January 14, 2026, from the IT director of a hospital in Nashville.
The Stryker Mako SmartRobotics system in Operating Room 3 had gone unresponsive overnight. Not crashed — unresponsive. The system’s touchscreen showed a solid white display. The joint replacement procedure scheduled for 7:30 AM was going to have to be postponed. The IT director had called Stryker’s support line and had been put on hold for twenty-two minutes. While on hold, he had checked the Stryker SmartLink device management portal and found it unreachable.
By 6:45 AM, similar calls were coming in from St. Louis. San Diego. Toronto. Minneapolis. Detroit. Within an hour of the Nashville call, Stryker’s operations center was logging simultaneous device failure reports from 340 hospitals across North America.
The Mako robots were offline. The Neptune waste management systems were offline. The Triathlon navigation systems were offline. The ProCuity connected hospital beds — which monitored patient position, weight, and fall risk — were offline. In dozens of hospitals, the device management infrastructure that linked these systems was returning a single error code: FW_ERR_VERIFY_FAIL. Firmware verification failure.
The devices had not crashed. They had been wiped.
What Stryker Is — And What It Connects
Stryker Corporation is one of the three largest medical device companies in the world, with operations in over 100 countries and annual revenue exceeding $22 billion. Unlike pharmaceutical companies, Stryker makes things you can see and touch: surgical robots, joint replacement implants, trauma fixation hardware, endoscopes, hospital beds, stretchers, patient monitoring systems, and the surgical navigation systems that guide orthopedic and neurosurgical procedures.
The specific products at the center of the attack were part of Stryker’s SmartLink connected device ecosystem — a network management platform that Stryker had been building since 2019, connecting operating room equipment to a centralized device management infrastructure. SmartLink served two purposes: operational management (monitoring device health, usage logs, maintenance scheduling) and over-the-air firmware updates, which Stryker used to deploy feature enhancements, safety patches, and regulatory compliance updates to devices installed at customer sites.
By January 2026, approximately 34,000 SmartLink-connected devices were deployed at hospitals in North America, Australia, and Western Europe. The SmartLink architecture was a hub-and-spoke model: each hospital ran a local SmartLink Gateway device that managed the on-premises device network and received updates from Stryker’s central SmartLink Distribution Service — the cloud-hosted platform that authenticated gateways, controlled update policies, and pushed firmware packages to connected devices.
The SmartLink Distribution Service was the single point of trust for every device in the ecosystem. If an attacker could place malicious firmware on that service and trigger its distribution, they could push destructive code to 34,000 medical devices simultaneously, across 340 hospitals, with the full authority of Stryker’s legitimate update infrastructure.
That was exactly what happened.
The Compromise: Spear Phishing into the DevSecOps Pipeline
Forensic reconstruction by Mandiant (retained by Stryker within hours of the incident) traced the initial compromise to December 2, 2025 — forty-three days before the detonation.
The entry point was a Stryker DevSecOps engineer in the company’s Kalamazoo, Michigan development center — one of the engineers responsible for the SmartLink Distribution Service’s build and deployment pipeline. The engineer received a targeted spear-phishing email that appeared to be a LinkedIn message notification from a known professional contact, redirecting through a convincing lookalike domain to a credential harvesting page.
The engineer entered their Stryker single sign-on credentials. The attacker now had authenticated access to Stryker’s internal engineering environment.
The spear phishing email was later analyzed by Mandiant and assessed as consistent with Sandworm’s known tradecraft — specifically, the use of lookalike professional networking domains and credential harvesting infrastructure that had been linked to Sandworm operations in prior incidents, including the Olympic Destroyer attack against the 2018 Pyeongchang Winter Olympics.
Sandworm (GRU Unit 74455) — Russia’s most destructive cyber unit, responsible for NotPetya, the Ukrainian power grid attacks, and Olympic Destroyer — had a documented track record of compromising software and firmware update mechanisms as force-multiplication attack surfaces. The 2024 assessment of Sandworm’s doctrine, published jointly by CISA and NCSC-UK, specifically identified medical device OT infrastructure as a category of interest for Russian pre-positioning operations.
Lateral Movement and the Build Pipeline
From the compromised engineer’s SSO session, the attacker conducted a lateral movement campaign across Stryker’s internal development network over three weeks, moving carefully and targeting specific systems:
Week 1 (Dec 2–9, 2025): Stryker’s internal JIRA ticketing system and Confluence documentation were accessed, providing the attacker with architectural diagrams of the SmartLink Distribution Service, including the firmware packaging format, the code-signing infrastructure, and the gateway authentication mechanism. The attacker identified that SmartLink firmware packages were signed with a Stryker-issued code-signing certificate stored in a hardware security module (HSM) — but also identified that the automated build pipeline had access to an HSM signing agent for CI/CD purposes, and that access to the build pipeline therefore implied access to the signing agent.
Week 2 (Dec 10–17, 2025): The attacker pivoted from the engineer’s workstation to Stryker’s GitLab CI/CD environment using cached credentials found in a local .netrc file. Access to the CI/CD environment provided the ability to inspect, and ultimately modify, the automated build pipeline for SmartLink firmware packages.
Week 3 (Dec 18–31, 2025): The attacker observed the SmartLink firmware packaging process across several legitimate update builds. They identified the specific pipeline step at which firmware packages were assembled and signed, and they studied the format of SmartLink Gateway authentication tokens — which determined whether a gateway would accept and install an incoming firmware package.
By January 1, 2026, the attacker had two things: access to the CI/CD signing pipeline, and a complete understanding of the SmartLink Distribution Service’s trust model. They had not yet touched a firmware package. They were waiting for the right moment.
The Payload: What the Wipe Did
On January 12, 2026, the attacker introduced a malicious firmware payload into the SmartLink build pipeline. The payload was not ransomware. It was not espionage. It was a firmware wiper — a targeted destructive tool that, when executed on a SmartLink Gateway, would:
- Erase the gateway’s firmware partition and bootloader
- Send a firmware update distribution command to all connected devices on the local hospital network
- Push a minimal malicious firmware package to each connected device that would erase the device’s application firmware while leaving the hardware diagnostic mode active — making the device appear functional while rendering it clinically useless
- Delete all local logs that might support forensic reconstruction of the attack chain
The payload was assembled as a legitimate SmartLink firmware package, signed with Stryker’s HSM-backed code-signing certificate via the compromised CI/CD pipeline, and uploaded to the SmartLink Distribution Service’s staging environment.
The attacker configured it to deploy automatically to all connected SmartLink Gateways at 4:00 AM Eastern on January 14, 2026 — midweek, early morning, timed for maximum disruption when hospitals were preparing for the day’s surgical caseload.
At 4:00 AM, the Distribution Service pushed the package. Every SmartLink Gateway in North America authenticated it — the signature was valid, the package was from the right server, the update command was properly formatted. Every gateway installed it. Every gateway then distributed the device-level wiper to the 34,000 connected devices on their hospital networks.
By 5:30 AM, before most surgical teams had arrived at work, the operating rooms were already dark.
The Impact: 4,800 Surgeries Cancelled, Six Adverse Events
The impact was immediate, widespread, and physically consequential in ways that previous infrastructure cyberattacks had only threatened.
Surgical operations: Across 340 hospitals, 4,800 scheduled surgical procedures were cancelled or postponed on January 14 and the following three days while Stryker worked to determine the scope of the compromise and restore devices. Mako SmartRobotics had been deployed primarily for total knee, total hip, and partial knee replacements — elective but not trivial procedures. Patients had been fasting since midnight, had arranged transportation, had taken time off work. All 4,800 procedures were deferred and rescheduled into backlogs that stretched across weeks.
Life-critical devices: The ProCuity hospital beds were designed with fall-risk monitoring and patient weight tracking that fed into nursing care workflows. In twelve hospitals, bed system failures triggered silent alarm system conflicts that required manual nursing override — adding workload to already-strained overnight nursing staffs. In four cases, patients were moved to manual monitoring procedures, which Stryker later confirmed had been appropriate clinical responses.
Adverse events: The FDA’s MedWatch adverse event reporting system received six reports linked to the Stryker device outage by February 2026. The reports involved:
- Two patients whose orthopedic navigation systems went offline during procedures that had begun before the wipe propagated to devices in their operating rooms, requiring surgeons to complete procedures using manual anatomical landmarks rather than robotic guidance
- Three patients whose post-operative bed monitoring systems failed, requiring manual vital sign checks rather than continuous automated monitoring
- One patient whose infusion pump lost its programmed profile during a complex post-surgical drip management sequence, requiring manual recalculation by a pharmacist
None of the six adverse events resulted in confirmed patient deaths. Stryker and the hospitals involved disputed the causal link between the device outage and two of the adverse event reports. The FDA opened investigations into all six.
Stryker’s Response and the Twelve-Day Recovery
Stryker activated its incident response plan within two hours of the first device failure calls. The company retained Mandiant, contacted the FBI Cyber Division and CISA, and immediately shut down the SmartLink Distribution Service to prevent any further payload distribution.
The recovery problem was significant: 34,000 devices had had their firmware erased. Each device had to be physically reflashed via a direct service connection — the SmartLink remote management channel was no longer usable precisely because it had been the attack vector. Stryker mobilized its entire field service organization — over 3,000 field service engineers globally — and established emergency service protocols with hospital biomedical engineering departments.
The firmware restoration required twelve days to complete across the full affected population. Hospitals prioritized their most critical devices; elective surgical capacity was restored incrementally over that period.
The code-signing infrastructure was revoked and rebuilt with an architecture that segregated the HSM signing agent from the CI/CD automation pipeline — a design change that required reissuing code-signing certificates to all SmartLink-connected infrastructure globally.
The Attribution: Sandworm’s Fingerprints
CISA and the FBI published a joint advisory on February 3, 2026, attributing the Stryker attack with high confidence to Sandworm (GRU Unit 74455).
The attribution rested on multiple forensic indicators:
- Infrastructure overlap: The command-and-control domain registered for the compromised engineer’s credential harvesting had previously been flagged in a 2025 NCSC-UK Sandworm infrastructure tracking report
- Tooling signatures: The lateral movement tools used within Stryker’s network matched code signatures previously associated with Sandworm operations (specifically tooling components attributed to their Industroyer2 framework)
- Payload architecture: The firmware wiper’s structure — specifically the bootloader erasure sequence and the log deletion routine — was assessed to share development lineage with wiper tools deployed in Sandworm’s 2022 attacks against Ukrainian satellite communications infrastructure
- Timing and context: January 2026 followed a period of escalating Russian geopolitical pressure in the Baltics and renewed tensions over the supply of US military medical equipment to Ukrainian forces — medical device supply chain disruption consistent with a strategic signal
The attribution to Sandworm meant the Stryker attack represented a qualitative escalation in Russia’s use of destructive cyber operations: from critical infrastructure pre-positioning (power grids, water systems) to direct medical device disruption with patient impact. Previous analyses of Sandworm’s doctrine had identified healthcare as a potential target category in extremis; the Stryker attack confirmed it was an active operational choice.
Legacy: The Medical Device Security Reckoning
The FDA’s response was immediate and consequential. Within thirty days of the attack, the agency published Emergency Guidance 2026-01, requiring all medical device manufacturers with over-the-air firmware update capability to:
- Implement cryptographic code-signing segregation between automated build pipelines and production signing infrastructure
- Deploy out-of-band update verification mechanisms allowing hospitals to verify firmware package authenticity through a channel independent of the update infrastructure itself
- Maintain offline fallback firmware on all connected devices capable of surviving a remote wipe
- Report any unauthorized access to device management infrastructure to FDA within twenty-four hours
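The signing-segregation and out-of-band verification requirements above, illustrated as an added example that is not Stryker's or SmartLink's actual code: a gateway-side acceptance check that requires two independent Ed25519 signatures (one from the online build pipeline, one from an offline release authority) plus a digest the hospital obtained over a separate channel. The package layout, key names, and firmware bytes are all constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// FirmwarePackage is a hypothetical stand-in for a SmartLink-style update.
type FirmwarePackage struct {
	Image      []byte
	CISig      []byte // from the automated build pipeline (online, reachable from CI/CD)
	ReleaseSig []byte // from an offline release authority, never reachable from CI/CD
}

// VerifyPackage is the gateway-side policy: both signatures must verify AND the
// image digest must equal the one the hospital obtained out-of-band. A key that
// lives only in the pipeline is therefore not sufficient to ship an image.
func VerifyPackage(pkg FirmwarePackage, ciPub, releasePub ed25519.PublicKey, oobDigest []byte) error {
	if !ed25519.Verify(ciPub, pkg.Image, pkg.CISig) {
		return errors.New("build-pipeline signature invalid")
	}
	if !ed25519.Verify(releasePub, pkg.Image, pkg.ReleaseSig) {
		return errors.New("release-authority signature missing or invalid")
	}
	sum := sha256.Sum256(pkg.Image)
	if !bytes.Equal(sum[:], oobDigest) {
		return errors.New("image digest does not match out-of-band published digest")
	}
	return nil
}

// Scenario contrasts a properly released image with one that a party holding only
// the pipeline key could produce. Keys and image bytes are constructed here.
func Scenario() (approvedErr, pipelineOnlyErr error) {
	ciPub, ciPriv, _ := ed25519.GenerateKey(nil)
	relPub, relPriv, _ := ed25519.GenerateKey(nil)
	good := []byte("constructed firmware image v2.3")
	goodSum := sha256.Sum256(good) // published to hospitals over a separate channel
	approved := FirmwarePackage{Image: good, CISig: ed25519.Sign(ciPriv, good), ReleaseSig: ed25519.Sign(relPriv, good)}
	// Pipeline compromise: the CI key can sign, but the offline release key and the
	// out-of-band digest publication are outside the pipeline's reach.
	rogue := []byte("constructed unapproved image")
	pipelineOnly := FirmwarePackage{Image: rogue, CISig: ed25519.Sign(ciPriv, rogue)}
	return VerifyPackage(approved, ciPub, relPub, goodSum[:]), VerifyPackage(pipelineOnly, ciPub, relPub, goodSum[:])
}

func main() {
	ok, bad := Scenario()
	fmt.Println("approved package:", ok)       // <nil>
	fmt.Println("pipeline-only package:", bad) // release-authority signature missing or invalid
}
```

The same check rejects an image whose digest drifts from the published value even when both signatures are present, which is what gives the hospital an independent veto over the manufacturer's channel.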
The Protecting Medical Devices from Cyberattack Act of 2026 — emergency legislation drafted within weeks of the incident — passed both chambers of Congress and was signed in March 2026. The Act extended FDA’s cybersecurity authority to require pre-market cybersecurity assessments for all connected medical devices, mandatory post-market monitoring, and coordinated vulnerability disclosure programs. It also created a Medical Device Cyber Defense Fund — $2 billion over five years — for hospital-level medical device security infrastructure.
The Stryker attack is already being compared to NotPetya in its demonstration of a principle that the critical infrastructure security community had warned about for years: an attack on a manufacturer’s update infrastructure is simultaneously an attack on every customer that trusts it. NotPetya used M.E.Doc’s accounting software update mechanism. The Stryker wipe used SmartLink’s device management platform. The attack surface was not the hospital. It was the trusted channel between the manufacturer and the hospital — and it was held together by a spear-phished engineer’s compromised credentials.
The six adverse event patients recovered. The 4,800 patients whose surgeries were cancelled had their procedures rescheduled and completed without permanent harm. The hospitals rebuilt their surgical backlogs over the following month.
The operating rooms came back online. But for twelve days across 340 hospitals, the devices that surgeons and nurses and patients depended on were dark — and the only thing that had made them dark was a spear-phishing email, a compromised CI/CD pipeline, and the decision of a nation-state that medical infrastructure was a legitimate target for destructive attack.
Attack Chain: Sandworm — Stryker SmartLink Firmware Wipe
graph TD
A["Target Selection\nSandworm identifies Stryker SmartLink\nas single update distribution point\nfor 34,000 medical devices\nat 340 North American hospitals"] --> B["Initial Access\nDec 2, 2025: Spear phish\ntargeting Stryker DevSecOps\nengineer — lookalike LinkedIn\ndomain harvests SSO credentials"]
B --> C["Network Reconnaissance\nAccess JIRA + Confluence\nMap SmartLink Distribution\nService architecture · code-signing\nHSM + CI/CD pipeline structure"]
C --> D["Lateral Movement\nPivot via cached .netrc creds\nto GitLab CI/CD environment\nObserve 3+ firmware build\ncycles over 3 weeks"]
D --> E["Pipeline Implant\nJan 12: Inject malicious\nfirmware payload into\nCI/CD signing pipeline\nSigned with legitimate Stryker cert"]
E --> F["Scheduled Detonation\n4:00 AM Eastern Jan 14, 2026\nSmartLink Distribution Service\npushes wiper to all 340 gateways\nValid signature accepted"]
F --> G["Device Wipe Propagation\nGateways erase own firmware\nDistribute device-level wiper\nto all connected devices\n34,000 devices wiped by 5:30 AM"]
G --> H["Surgical Operations Collapse\n4,800 procedures cancelled\nMako robots · navigation systems\nbeds · infusion pumps · offline\n6 adverse events reported"]
H --> I["Incident Response\nStryker shuts down SmartLink\nMandiant retained · FBI + CISA\n3,000 field engineers mobilized\n12-day physical reflash recovery"]
I --> J["Attribution\nFeb 3: CISA/FBI joint advisory\nSandworm / GRU Unit 74455\nInfrastructure + tooling match\nIndustroyer2 lineage confirmed"]
J --> K["Legacy\nFDA Emergency Guidance 2026-01\nProtecting Medical Devices Act\n$2B cyber defense fund\nCode-signing segregation mandated"]
style A fill:#1a0505,color:#e0e0e0
style B fill:#3a0808,color:#ffaaaa
style E fill:#c0392b,color:#fff
style F fill:#c0392b,color:#fff
style G fill:#8e44ad,color:#fff
style H fill:#8e44ad,color:#fff
style K fill:#2c3e50,color:#e0e0e0