Cyberhealth: When Trusted Systems Become the Weak Link

By exploiting identity access and endpoint management systems, attackers demonstrated how a single breach can ripple across production, logistics, and service—reshaping how OEMs must think about cybersecurity.

Stryker Incident

A recent cyberattack on medical technology company Stryker is drawing attention across industries. The breach did not involve a new vulnerability or sophisticated malware: attackers used a trusted system to cause widespread disruption.

For PMMI members, this incident is worth understanding. Many organizations rely on similar tools to manage computers, workstations, mobile devices, and users, and the lessons here apply broadly across manufacturing, packaging, and supply chain environments.

What happened?

According to public reporting and CISA guidance, attackers gained access to Stryker’s environment and leveraged Microsoft Intune, a widely used endpoint management platform.

Once inside, they were able to:

  • Compromise an administrative account
  • Escalate privileges by modifying administrative access
  • Use Intune’s built-in capabilities to remotely wipe large numbers of devices
  • Potentially access or exfiltrate sensitive data beforehand

Most importantly, the attackers didn’t need to deploy malware or exploit a software vulnerability. They used legitimate administrative tools to carry out the attack.

Why is this attack different?

This incident highlights a growing shift in cyberattacks: rather than breaking systems, attackers are increasingly abusing trusted platforms once they gain access.

Endpoint management tools like Microsoft Intune are designed to:

  • Deploy software
  • Enforce policies
  • Monitor device health
  • Reset or wipe devices

Those same capabilities, in the wrong hands, can be used to disrupt operations at scale, which is exactly what happened. For organizations managing fleets of workstations, laptops, mobile devices, or remote endpoints, these platforms serve as a powerful yet potentially risky control layer.

Why it matters for packaging and processing

Many companies in the packaging and processing industry use tools like Intune, ServiceNow, Workspace ONE, or other device management platforms to support their remote and hybrid workforces, field service teams, plant floor systems connected to corporate networks, and BYOD (bring-your-own-device) environments.

If compromised, these systems could:

  • Disrupt operations by wiping or locking devices
  • Push unauthorized configurations
  • Impact production, logistics, and customer-facing systems

This makes endpoint management platforms a critical part of your security architecture, not just a convenience.

How to reduce risk

The Stryker incident reinforces several foundational security practices that every organization should revisit:

  • Limit Administrative Access - Review who has administrative privileges in your endpoint management and identity platforms. Apply the principle of least privilege and remove access that is no longer needed.
  • Require Strong Authentication - Ensure multifactor authentication (MFA) is enforced for all administrative/privileged accounts, and consider stronger, phishing-resistant methods where possible.
  • Introduce Safeguards for High-Risk Actions - Actions like device wipes, major policy changes, or role assignments should not rely on a single account. Where possible, implement approval workflows or additional controls.
  • Audit and Monitor Activity - Regularly review logs and alerts for unusual administrative behavior, such as new account creation, privilege escalation, or bulk device actions. If possible, set up alerts on events like privilege escalation so that unauthorized actions are caught quickly.
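
The alerting described in the last bullet can be prototyped against exported audit events. The following is an added example, not part of the original article or any vendor's code; the event fields, action names and thresholds are assumptions to be mapped onto whatever your management platform's audit log actually exports.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit events. Field names and action labels are
# hypothetical, not the schema of Intune or any other product.
SAMPLE_EVENTS = [
    {"ts": "2025-01-10T02:00:00", "actor": "helpdesk1",
     "action": "device_wipe", "target": "LT-0042"},
    {"ts": "2025-01-10T09:14:00", "actor": "svc-admin",
     "action": "role_assign", "target": "svc-admin"},
    *[{"ts": f"2025-01-10T09:2{i}:00", "actor": "svc-admin",
       "action": "device_wipe", "target": f"WS-{i:04d}"} for i in range(6)],
]

def detect(events, wipe_threshold=5, window=timedelta(minutes=15),
           grant_lookback=timedelta(hours=24)):
    """Return alerts for role changes and for bulk wipes by one account."""
    alerts = []
    wipes = defaultdict(deque)   # actor -> (time, device) pairs inside window
    last_grant = {}              # account -> time it last received a role
    alerted = set()              # actors already flagged for a bulk wipe
    for ev in sorted(events, key=lambda e: e["ts"]):
        t = datetime.fromisoformat(ev["ts"])
        actor = ev["actor"]
        if ev["action"] == "role_assign":
            # Every privilege change is surfaced for review.
            last_grant[ev["target"]] = t
            alerts.append(("role_change", actor, ev["target"]))
        elif ev["action"] == "device_wipe":
            q = wipes[actor]
            q.append((t, ev["target"]))
            while q and t - q[0][0] > window:   # drop wipes outside window
                q.popleft()
            devices = {d for _, d in q}
            if len(devices) >= wipe_threshold and actor not in alerted:
                alerted.add(actor)
                # A bulk wipe soon after a role grant is the higher-severity case.
                recent = (actor in last_grant
                          and t - last_grant[actor] <= grant_lookback)
                kind = "bulk_wipe_after_grant" if recent else "bulk_wipe"
                alerts.append((kind, actor, len(devices)))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The single overnight wipe by a help-desk account stays below the threshold, while the account that received a role and then wiped five devices within minutes is flagged once.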

The bigger lesson

The Stryker attack is not just about one company or one tool. It reflects the broader reality that the greatest risk is often not a technical vulnerability but what attackers can do once they gain access. By focusing on access control, visibility, and governance of powerful systems like endpoint management platforms, organizations can significantly reduce the likelihood and impact of this type of attack.

For PMMI members, this is a good moment to pause and ask your IT departments a few practical questions:

  • Who has administrative access to our endpoint management tools and cloud platforms?
  • Are high-risk actions controlled and monitored?
  • Could a single compromised account impact our entire device fleet the way Stryker’s did?

If the answers are unclear, that’s a strong signal to take a closer look.
