West Pharmaceutical Services Recovers from Cyberattack, Restores Global Operations
West Pharmaceutical Services has fully restored operations across its global sites following a cybersecurity incident detected earlier this month. The medical equipment manufacturer first identified unauthorized activity on May 4 and confirmed a material cyberattack on May 7, which involved data exfiltration and system lockdowns.
In response, the company took systems offline worldwide, notified law enforcement, and engaged external cybersecurity experts to contain the breach. By May 20, West Pharmaceutical announced it had successfully restarted core processes including manufacturing, shipping, and supply chain operations across all locations.
While the investigation remains ongoing, the company stated it has not detected further unauthorized access. Analysts at Evercore ISI noted West Pharmaceutical’s swift recovery, citing its ability to leverage 24/7 operations and flex capacity to mitigate disruptions. The incident is not expected to have a material impact on the company’s 2026 financial outlook, including second-quarter or full-year forecasts.
The attack follows a recent wave of cybersecurity incidents in the healthcare sector, with Stryker, Intuitive Surgical, and Medtronic reporting similar breaches in March and April. West Pharmaceutical continues to assess the extent of data affected as part of its review.
Stryker TPRM report: https://www.rankiteo.com/company/stryker
"id": "str1779337852",
"linkid": "stryker",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare/Pharmaceutical',
'location': 'Global',
'name': 'West Pharmaceutical Services',
'type': 'Medical equipment manufacturer'}],
'data_breach': {'data_exfiltration': True},
'date_detected': '2026-05-04',
'date_publicly_disclosed': '2026-05-07',
'date_resolved': '2026-05-20',
'description': 'West Pharmaceutical Services detected unauthorized activity '
'leading to a material cyberattack involving data exfiltration '
'and system lockdowns. The company restored global operations '
'after taking systems offline and engaging cybersecurity '
'experts.',
'impact': {'data_compromised': 'Data exfiltration',
'operational_impact': 'Systems taken offline worldwide; core '
'processes restarted by May 20',
'systems_affected': 'Global systems, including manufacturing, '
'shipping, and supply chain operations'},
'investigation_status': 'Ongoing',
'ransomware': {'data_encryption': 'System lockdowns',
'data_exfiltration': True},
'references': [{'source': 'West Pharmaceutical Services announcement'},
{'source': 'Evercore ISI analysis'}],
'response': {'containment_measures': 'Systems taken offline worldwide',
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': 'Restored manufacturing, shipping, and '
'supply chain operations',
'third_party_assistance': 'External cybersecurity experts'},
'title': 'West Pharmaceutical Services Cyberattack',
'type': 'Cyberattack'}