Eight current and former Stryker employees have voluntarily dismissed their consolidated class action lawsuit against the medtech giant over a March 2026 cyberattack attributed to the Hamdala ransomware group. The dismissal came roughly a week after Stryker filed a motion to dismiss, arguing its investigation found no evidence that employee personally identifiable information was compromised in the attack.
What happened
Stryker, a global leader in medical technology and surgical equipment, was hit by the Hamdala ransomware group in March 2026 in an attack that disrupted operations at the company’s manufacturing and distribution facilities. The breach exposed employee data and forced Stryker to temporarily halt certain production lines, creating ripple effects across hospital supply chains that depended on Stryker’s orthopedic implants and surgical instruments.
The class action lawsuit, filed in federal court on behalf of affected employees, alleged that Stryker failed to adequately protect their personal information from the intrusion. However, following the company’s internal investigation, the plaintiffs agreed to drop the claims voluntarily — a outcome that avoids a protracted legal battle while the company focuses on post-incident remediation.
Why it matters for healthcare
The Stryker attack is part of a broader trend of ransomware groups targeting medical device and pharmaceutical manufacturers. When production lines at these companies are disrupted, hospitals face critical shortages of implants, instruments, and supplies. The Hamdala group, which has increasingly targeted the healthcare sector, compromised Stryker’s systems through an exploited VPN vulnerability — a common attack vector in healthcare-related breaches. Healthcare CISOs should monitor this case closely as it signals how ransomware liability litigation may evolve for medical technology firms.
Key takeaways for healthcare security teams
- Medical device and supply chain companies remain prime ransomware targets with direct patient care impact
- Finding no evidence of data compromise can strengthen defense against class action litigation, but does not eliminate regulatory exposure under HIPAA
- VPN vulnerabilities continue to be the leading initial access vector for healthcare-targeting ransomware groups
- Manufacturing disruption at medtech firms creates immediate downstream consequences for hospital operations
Stryker has stated it continues to strengthen its cybersecurity posture and has implemented additional safeguards to prevent future incidents. The dismissal of the class action does not preclude potential regulatory action by state or federal authorities.
