What the Stryker cyberattack teaches mission-driven organizations about a new era of cyber risk
On March 11, 2026, employees at Stryker — a medical technology company serving more than 150 million patients in 61 countries — arrived at work to find their screens locked and their data gone. By midday, thousands of employees worldwide had been sent home. Signs posted on the doors of Stryker's Michigan headquarters carried a blunt instruction: do not connect to any Stryker network or device.
This was not a ransomware attack. There was no demand for payment, no negotiation, no decryption key waiting on the other side of a wire transfer. This was a wiper attack — a form of cyberattack designed not to steal or extort, but to destroy.
For nonprofit and social impact leaders, it would be easy to read this story as someone else's problem. It isn't.
What Is a Wiper Attack — and Why It's Different
Most organizations have at least a passing familiarity with ransomware: attackers encrypt your data and demand payment for the key. Wiper attacks work differently. The goal isn't money. It's maximum disruption. Files are deleted or overwritten. Devices are rendered unusable. Recovery is slow, expensive, and — without proper backups — sometimes impossible.
Wiper attacks are not new, but they are becoming more common as a tactic used by sophisticated threat actors. They tend to target infrastructure, operational continuity, and the ability of an organization to function — which makes them particularly dangerous for mission-driven organizations whose work cannot simply pause.
Why This Matters Beyond Stryker
Stryker is a large enterprise with a dedicated security team, business continuity protocols, and significant resources to respond. And still — operations halted globally in a matter of hours.
That context should prompt a direct question for every nonprofit leader: if a Fortune 500 company with a world-class IT organization can have its systems wiped overnight, what does our organization's exposure look like?
The honest answer for most nonprofits is: more than we've acknowledged.
Consider what the average mission-driven organization depends on daily:
- Microsoft 365 or Google Workspace for email, documents, and internal communication
- Cloud-based CRMs or case management platforms for program delivery and donor data
- Healthcare or social service partner networks that share data environments
- Managed service providers or IT vendors who hold administrative access to your systems
A wiper attack — or even the cascading failure from a major platform disruption — touching any of these could stop your programs, lock your staff out of critical data, and leave the people you serve without services. For organizations working in housing, health, crisis intervention, or food access, that's not an operational setback. That's a direct harm to your mission.
Three Questions Every Nonprofit Leader Should Ask
1. Do we have a real business continuity plan?
Not an IT checklist — a leadership-level plan for how your organization keeps serving clients when systems go dark. Who makes decisions under pressure? What gets prioritized? How do you communicate with staff, board members, funders, and the communities you serve? How often do we test it?
2. Do we understand our vendor risk?
Most nonprofits outsource significant technology functions — to cloud platforms, SaaS providers, and managed IT partners — without a clear picture of what happens when one of those vendors is compromised or goes offline. You don't need to be paranoid about this. But you do need to ask the question, and get a straight answer.
3. Are we treating cybersecurity as a leadership issue?
The organizations that weather disruptions well share a common trait: leadership made foundational decisions about risk, backup systems, and incident response before something went wrong — not during. Cybersecurity cannot live exclusively in the IT department. It belongs in the boardroom and in operational planning.
What Practical Readiness Looks Like
Strong cybersecurity posture for a nonprofit doesn't require an enterprise budget. It requires a few non-negotiable foundations:
- Multi-factor authentication on all accounts — email, financial systems, donor databases
- Regular, tested data backups stored separately from your primary network environment
- A documented incident response plan reviewed and tested at least annually and known to key staff
- A trusted managed service partner who understands both your technical environment and the specific context of your mission
The Stryker attack is a high-visibility reminder that wiper attacks and destructive cyber incidents are no longer theoretical risks. They're operational realities — and when they happen, they move fast.
The best time to build your organization's resilience was before an incident. The second-best time is right now.
We work exclusively with nonprofits and mission-driven organizations to build practical, affordable cybersecurity and IT infrastructure. If you'd like to understand your organization's current risk posture, we'd welcome a conversation.
