When a cyberattack disrupted systems at Stryker last month, many healthcare organizations were forced to confront an uncomfortable reality: what happens when a deeply embedded vendor suddenly goes dark?
At Boston Children’s Hospital (BCH), the answer unfolded in real time.
During a recent Harvard Clinical Informatics Lecture Series session, hospital leaders from BCH described how they rapidly severed ties with Stryker’s Vocera platform, which was being used for secure messaging, voice communication, and alert routing, and quickly set up a new, Epic-based communication system within hours, all while maintaining medical operations.
“It was a pretty quick and fast response,” said Brian Venditelli, Director of Cybersecurity. “Within about half an hour of the alert being called, we had blocked emails, blocked the website. We had turned down the wholesale providers and we had shut down any related servers and network connections.”
A Platform at the Center of Clinical Communication
By early 2026, BCH’s reliance on Stryker’s Vocera platform was extensive. The system supported secure medical texting, voice over IP (VoIP), and the routing of alerts and alarms from bedside devices. That infrastructure had taken years to build.
“With our transition to Epic in 2024, we also made the transition to Stryker Vocera’s text and voice over IP calling,” said Jonathan Hron, M.D., Associate CMIO. “We replaced all those Spectralink phones with iPhones and basically rebuilt all the teams and roles and units … I think we have over 1,200 role-team-unit relationships that are built out in that system.”
The system enabled highly granular communication. “You could be the physician on the hospital medicine team on the 9 East unit, or you could be the charge nurse on the 9 East unit — that’s a huge amount of build,” Hron said.
Crucially, Vocera also served as middleware for medical alerts. “If a patient has an alert or alarm at the bedside … there’s a middleware that we use from Stryker Vocera that routes those alerts and alarms … to the end users,” said Chase Parsons, D.O., Chief Medical Officer. “It pulled the nurse’s assignment to a patient from Epic … and then pushed it out to the endpoints.”
When that system went down, the impact extended far beyond messaging.
A Different Kind of Cyberattack
According to Venditelli, the Stryker incident stood out because it didn’t follow the familiar ransomware playbook. “This Stryker incident is actually one of the more interesting cybersecurity incidents … for the simple fact that it was not actually ransomware,” he said. “What this was is what we call a wiper attack.”
Rather than deploying malware, attackers compromised administrative credentials. “They actually compromised administrative credentials that essentially gave them keys to the kingdom,” Venditelli said.
From there, they executed large-scale destruction. They were able to send a wipe command to over 200,000 endpoints, including laptops, desktops and mobile devices, and reset them to factory settings or simply delete everything, according to Venditelli. “They were also able to wipe out the majority of their servers and their backup infrastructure.”
The downstream effects were immediate and widespread, and had significant impacts on many healthcare organizations. “All of these organizations had to switch to potentially manual processes, seemingly within hours of the disruption,” he said.
An Immediate Response
BCH’s first indication came through a vendor notification. Within minutes, the hospital activated its incident response structure. “One of the things that we did proactively as a team was we called an alert almost immediately,” Venditelli said. “We brought everyone together as soon as we found out … having a vendor like Stryker heavily embedded within our infrastructure required multiple teams to get engaged all at once.”
The response spanned IT, cybersecurity, medical informatics and hospital operations, with parallel coordination calls across technical and medical leadership. At the same time, the organization moved quickly to isolate the threat. “We removed our connections with Stryker,” Parsons said, which meant even email communication between Vocera and BCH.
Within roughly half an hour, access was fully cut off, and the hospital began removing the Vocera application from managed devices.
By late morning, BCH had effectively lost its primary enterprise communication platform.
A Fragmented Stopgap
In the immediate aftermath, clinicians improvised. Microsoft Teams, Zoom chat, personal cell phones, and pagers all filled gaps, but none offered a unified, enterprise-wide solution.
“Our clinicians are pretty resourceful,” Hron said. “Some people were handing out cell phone numbers … some people were going right to Teams or Zoom. But the challenge really becomes across the enterprise. If each area comes up with their own solution, then it doesn’t necessarily work across units and departments.”
Leadership also had to weigh compliance concerns. The result was functional, but fragile, communication.
A Critical Decision: Turning on Epic Secure Chat
Even as stopgap measures took hold, informatics leaders began considering a more ambitious move: accelerating a planned rollout of Epic Secure Chat. “I just said, ‘Hey, should we turn on secure chat?’” Hron recalled. The system had been scheduled for implementation months later.
At first, the idea seemed unrealistic. “That was a project … that takes six to nine months to install,” Parsons explained. “So that seemed kind of far-fetched for us to do as a next step.”
But one key factor shifted the calculus: the expected duration of the outage. “A typical turnaround time for restoring services is about 47 days,” Venditelli said. “And again, this wasn’t ransomware … this is all rebuilding from scratch. So, 47 days might be on the light side.”
That timeline made waiting untenable. By late afternoon, leadership aligned around a bold approach: turn it on.
“We pushed out secure chat around 5:30 pm,” Parsons said, adding that there were about 4,070 messages sent that evening from 5:30 pm to midnight. Within hours, Boston Children’s had re-established secure medical messaging.
From Basic Messaging to Full Workflow Integration
The initial rollout was minimal — person-to-person messaging only. But by the next day, teams began rebuilding the more complex, role-based communication structure that Vocera had supported.
“We replicated those [care teams] as groups within secure chat,” Parsons said. “And then you could message that team that was already assigned to that patient in Epic.”
Because clinicians were already using Epic sign-in workflows, the transition was faster than expected. “We do typically use that so that we can identify the nurse and the primary team … it’s already kind of baked into our workflow,” Parsons explained.
Hron noted that prior investments paid off. “We went down Wednesday, and we got secure chat up Wednesday night,” he said. “The next morning was really when we started working on those groups — and that was really critical.”
Strong Adoption, Mixed Results for Voice
Secure Chat adoption was rapid and widespread. “During the week, it’s around 40,000 messages, compared to about 14,000 or 15,000 messages a day” in the prior system, Rowland said.
User feedback was overwhelmingly positive. “Our medical students and residents loved secure chat,” Parsons said. “People kept saying, ‘Please, we don’t want to go back … it’s just so well integrated.’”
Voice capabilities, however, lagged behind. While Epic-to-Epic calling was enabled within a day, it lacked full integration with existing telephony systems.
“If our ED gets a call from the transfer center … we can’t transfer that call to an Epic phone,” Parsons said. “They have to sit by a landline, or use disaster phones.” As a result, call volumes remained far below pre-incident levels.
Ongoing Gaps
Despite the success of secure messaging, the loss of Vocera’s middleware created persistent challenges. “The alerts and alarms we lost … that middleware was the key to getting a message from the bedside, to the end users,” Rowland said. “Epic doesn’t have that middleware, so that was completely lost.”
In its absence, staff reverted to manual processes, which included overhead paging, phone calls, and human intermediaries. The incident also prompted broader discussions around resilience.
A Shift in Cybersecurity Thinking
For Venditelli, the attack underscored a critical shift in cybersecurity risk — from perimeter defenses to identity-based threats. “It was actually no firewall failure,” he said. “It was really a failure to implement controls at the identity level.”
In cloud environments, he noted, traditional defenses give way to access policies and identity controls, all areas that won’t receive the same level of scrutiny.
From Crisis to Capability
The Stryker cyberattack exposed a fundamental vulnerability in modern healthcare: deep reliance on third-party platforms for core medical operations.
But at Boston Children’s Hospital, it also revealed something else — organizational resilience. In less than 24 hours, the hospital:
- Shut down a critical vendor platform
- Re-established secure medical messaging
- Began rebuilding complex communication workflows
- Maintained continuity of care
The experience reinforced a dual lesson. “I think it’s both,” Hron said, when asked whether the incident highlighted improvisation or preparation. “A great response to a crisis, as well as a reminder … to think about where safeguards and backups are needed.”
As cyber threats evolve and increasingly target the broader healthcare ecosystem rather than individual organizations, these lessons are likely to resonate far beyond a single incident.
