A cyber attack on a single manufacturer rippled out into the NHS — not by breaching NHS systems, but by cutting off the supply of equipment the NHS relies on. It's one of the clearest recent illustrations of supply-chain risk.
What happened
As set out in an NHS England briefing, medical-device manufacturer Stryker suffered a global disruption to its IT systems following a cyber attack, which hit its business operations, shipping and distribution and halted production. Stryker said the affected servers were internal infrastructure rather than product-facing, that its devices remained safe to use, and that it could not yet confirm whether any data had been stolen. For the NHS, the practical impact was supply: with roughly two weeks of certain Stryker stock in the UK chain, NHS Supply Chain moved to interim ordering and stock-management measures to keep equipment flowing to trusts.
Why it matters to you
You don't have to be breached to suffer from a cyber attack. If a supplier you depend on goes offline, your operations can stall — whether that's medical equipment, a software platform, a payment processor or a logistics partner. The more "just-in-time" and single-supplier your operation is, the harder this hits.
What to do
- Identify single points of failure in your supply chain — suppliers with no easy alternative.
- Hold sensible buffers of critical stock or capacity where you can.
- Line up alternatives for your most important supplies before you need them.
- Build a continuity plan that assumes a key supplier could vanish for weeks.
Resilience isn't only about your own systems — it's about the whole chain you depend on.
Want to understand your own supplier and cyber risk? Get in touch and we'll help you make sense of it.
Source: Stryker Medical – cyber-attack and associated disruption to supply — NHS England