Stryker, the Michigan-based medtech provider, said in a regulatory filing that the March cyberattack that temporarily disrupted the company’s manufacturing, ordering and shipping operations had a material impact on its first-quarter earnings. 

The March 11 incident, which the Iran-backed threat group named Handala took responsibility for, was a wiper attack abusing the company’s Microsoft Intune environment. The attackers wiped data from thousands of company devices and briefly disabled Stryker’s electronic ordering systems. 

The U.K.’s National Health Service issued an update in March noting that certain orders from Stryker in the days after the attack were impacted and an interim ordering system was set up.

Stryker said it is now fully operational across its global manufacturing network and has also restored all ordering and shipping capabilities, according to the amended filing with the Securities and Exchange Commission.

As part of its investigation of the incident, which resulted from hackers inserting a malicious file, Stryker has been working with law enforcement and forensic experts at Palo Alto Networks.  

Before making the determination about the financial impact, Stryker said it reviewed several factors, including the scope and duration of the operational disruption, the impact on internal systems and the impact on customers, as well as regulatory issues.

The company did not provide specifics on the expected financial effect, but said it does not anticipate the attack will have a material impact on full-year earnings. 

Stryker is scheduled to report earnings on April 30.

The company in January said it expected adjusted earnings for 2026 to be between $14.90 and $15.10 a share. 

Stryker also said it expected organic sales growth for the year to range between 8% and 9.5%