.2

Customer Update: Stryker Network Disruption

03/23/2026

Our internal teams continue to work around the clock with external partners to make meaningful progress on our restoration efforts. We are grateful for the partnership and collaboration with government agencies and industry partners.

We believe the incident is contained, and we are prioritizing restoration of systems that directly support customers, ordering and shipping. Our internal teams, in partnership with third-party experts, reacted quickly to not only regain access but to remove the unauthorized party from our environment.

Early in our investigation, we believed there was no indication of ransomware or malware. Further into the course of our investigation, alongside Palo Alto Networks Unit42 and other experts, we identified that the threat actor used a malicious file to run commands which allowed them to hide their activity while in our systems. To be clear, this file was not capable of spreading — either inside or outside of our environment. Most importantly, at no point has our investigation identified malicious activity directed towards our customers, suppliers, vendors or partners. Unit42’s latest findings are included in a General Assurance Letter we received, which can be found here. This letter reaffirms our belief that this incident is contained and that analysis has not identified any evidence of the threat actor accessing customer, supplier, vendor and partner systems as a result of this incident.

There is nothing more important to us than the customers and patients we serve, and we recognize the criticality of every procedure to every patient. We are working closely with our global manufacturing sites as operations continue to stabilize. Manufacturing capability is ramping quickly as critical lines and plants are brought back online, prioritizing patient needs. This is a 24/7 effort and the first priority of our entire organization.