Boardroom Alpha
Start trial
8-K primary document
SYK · Current Report (Form 8-K) · Filed March 23, 2026

Stryker Corp8-K exhibit

d94012dex991.htm
Stryker Corp on Boardroom Alpha
EX-99.1

Exhibit 99.1

 

LOGO

March 20, 2026

Stryker Corporation

 

Att:

David Nathans, Vice President, Chief Information Security Officer

Subject: Stryker Corporation Partner and Customer Connections to the Stryker Environment

Mr. Nathans,

Per your request, Palo Alto Networks Unit 42 hereby issues this letter as a status update on Unit 42’s services assisting Stryker Corporation (Stryker) to provide, at your direction, Digital Forensics and Incident Response (DFIR) services in relation to a security compromise involving impacts to Stryker’s Entra ID environment, servers, and workstations (“Security Incident”).

Scope of Work

As part of the completed activities for this engagement, Unit 42 has worked with Stryker’s technical teams to perform the following:

 

   

Threat Hunting & Forensic Analysis: Conducted deep-dive analysis of endpoint forensic images, network logs, and identity infrastructure (including Entra ID/Active Directory) to identify indicators of compromise (IOCs) and evidence of unauthorized access.

   

Containment & Eradication: Identified and neutralized suspected malicious binaries and unauthorized persistence mechanisms.

   

Infrastructure Review: Reviewed available forensic evidence from, and the security of critical business process flows within, the Stryker corporate environment.

Current Findings and Assurance

As of 2026-03-20, 15:20 UTC, based on the forensic evidence reviewed and the threat hunting activities performed across the environment:

 

  1.

No Persistent Activity Identified: Unit 42 has found no current evidence of active, uncontained, persistent unauthorized access within the Stryker environment.

  2.

Eradication of Identified IOCs: All known indicators of compromise associated with this specific incident have been successfully identified and addressed.

  3.

Remediation Validation: Stryker has engaged Microsoft to assist with recovery of the identity infrastructure and has reported that existing accounts have been secured. Unit 42 is supporting Stryker and Microsoft in these efforts. Additionally, with guidance from

LOGO

 

  Unit 42, Stryker is rebuilding impacted systems or restoring from backups predating the known window of compromise to further prevent threat actor re-entry. Those impacted systems not yet rebuilt/restored, have been isolated from the network.

Conclusion

As of the date of this letter, within the scope of our services, Unit 42 has not identified evidence of unauthorized activity related to the Security Incident since 2026-03-11. Currently available evidence indicates that the identified unauthorized activity has been contained and the immediate risk to Stryker’s operational environment has been mitigated. At your direction, Unit 42 will continue to monitor the environment as part of its analysis and threat hunting phases.

The information provided in this status update letter may be subject to change based on the continued performance of Unit 42’s services. Unit 42 shall not be responsible or liable for any reliance on the contents of this letter by any third party.

Sincerely,

 

LOGO

Troy Bettencourt

 

VP, Digital Forensics and Incident Response Palo

Alto Networks | Unit 42 | 941.447.1030

    LOGO
Disclaimer

The opinions and information contained herein have been obtained or derived from sources believed to be reliable, but Boardroom Alpha cannot guarantee its accuracy and completeness, and that of the opinions based thereon.

This report contains opinions and is provided for informational purposes only – it does not constitute investment, legal or tax advice. You should not rely solely upon the research herein for purposes of transacting securities or other investments, and you are encouraged to conduct your own research and due diligence, and to seek the advice of a qualified securities professional before you make any investment.

None of the information contained in this report constitutes, or is intended to constitute a recommendation by Boardroom Alpha of any particular security or trading strategy or a determination by Boardroom Alpha that any security or trading strategy is suitable for any specific person. To the extent any of the information contained herein may be deemed to be investment advice, such information is impersonal and not tailored to the investment needs of any specific person.

No representation or warranty, expressed or implied, is made on behalf of Boardroom Alpha as to the accuracy or completeness of the information contained herein. Boardroom Alpha does not accept any liability for any direct, indirect or consequential loss or damage suffered by any person as a result of relying on all or any part of this research and any liability is expressly disclaimed.

Full disclaimer