Iran-linked attack hits trusts’ supplies
At least two trusts have declared incidents after a cyber attack on a key supplier, HSJ understands.
An Iran-linked group appears to have claimed responsibility for the attack on medical device supplier Stryker, saying it was a response to a bombing that killed dozens of children in the town of Minab.
The US firm was attacked on Wednesday evening and local NHS procurement teams spent Thursday determining what the impact would be on trusts that buy orthopaedic implants, defibrillators, ambulance trolleys and other products from the company.
Sources at two acute trusts confirmed they had declared incidents due to the supply concerns, but they did not want to be identified. So far trusts have been able to obtain equipment needed urgently from elsewhere after implementing their business continuity plans.
National NHS bodies have set up an incident team to manage supply disruption, but have not declared a national critical incident.
The company, whose UK and Ireland branches turned over nearly £500m sales last year, said the incident had “caused disruptions to order processing, manufacturing and shipping”.
Stryker said the disruption stems from a cybersecurity attack targeting its Microsoft environment but that it has no indication of ransomware or malware and believes the incident has been contained.
The American Hospital Association said it has not identified any direct disruptions to U.S. hospital operations. John Riggi, the AHA’s national adviser for cybersecurity and risk, told Becker’s on the 12 March the organisation is actively exchanging information with hospitals and the federal government as the situation develops.
Read full story (paywalled)
Source: HSJ, 13 March 2026