March 19, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) urged health care and critical infrastructure organizations to review and strengthen endpoint security configurations in a March 18 alert. The communication follows a March 11 cyberattack on Stryker Corporation that affected its Microsoft environment.
CISA recommends implementing best practices aligned with Microsoft guidance, including enforcing least-privilege access, using role-based access controls, requiring phishing-resistant multi-factor authentication and establishing multi-admin approval for high-impact actions. The agency also encouraged organizations to review additional CISA and Microsoft resources to strengthen defenses against malicious cyber activity that exploits legitimate administrative tools.
4550 Montgomery Avenue
Suite 700, North Tower
Bethesda, MD 20814
301.907.6977
