Regulation FD Disclosure.

As previously reported in two separate Current Reports on Form 8-K, filed with and furnished to (as the case may be) the U.S. Securities and Exchange Commission (the "SEC") on March 11, 2026, and March 12, 2026, respectively, Stryker Corporation (the "Company") disclosed that the Company had identified a cybersecurity incident. Since then, the Company has worked around the clock, together with third-party experts and law enforcement to contain and neutralize the impact of the cyber incident and restore operations. Since then, the Company has been providing updates to its customers, suppliers, vendors and partners on its ongoing investigation through the Company's website and its social media channels. The information included in this report is a further update on the status of its ongoing investigation, which is also being communicated to its customers, suppliers, vendors, and partners through its website.

Early in the Company's investigation and based on the information it had at that time, management believed that the incident did not involve ransomware or malware. Further into the course of its investigation alongside Palo Alto Networks' Unit 42 and other experts, the Company was able to identify that while the threat actor used a malicious file to run commands which allowed it to hide its activity while in its systems, this file was not capable of spreading — either inside or outside of the Company's environment. As of the date of this report, the Company's investigation has not identified malicious activity directed towards its customers, suppliers, vendors or partners. The Company has continued to learn more alongside its third-party advisors, including those at Palo Alto Networks Unit 42. Their latest findings are included in a General Assurance letter, which is attached hereto as Exhibit 99.1 and can also be found on the Company's website at Stryker.com. This letter reaffirms the Company's belief that this incident is contained and that the current analysis has not identified any evidence of the threat actor accessing customer, supplier, vendor and partner systems as a result of this incident. The Company has also posted a statement on its website at Stryker.com which is attached hereto as Exhibit 99.2.

As its investigation is ongoing, the Company will continue to update its customers, suppliers, vendors and partners through its website disclosures, which updates will supersede previously made website reports. For example, the Company's website reports have been updated to reflect that the cybersecurity incident caused disruption to the Company's corporate network environment, including but not limited to the Microsoft environment. The Company's investigation of the cybersecurity incident is ongoing, and the scope, nature and impact, including, but not limited to operational and financial impact, of the incident continue to be assessed and re-evaluated. Accordingly, the Company has not yet determined whether the incident is reasonably likely to have a material impact on the Company.