Following the Stryker Cyberattack, Avatier Expands UK Healthcare Focus for Identity Challenge Card to Protect Passwordless Login, Account Recovery, and Frontline Human Verification

PLEASANTON, Calif. and LONDON, 6 May 2026 — In the wake of the March cyberattack on Stryker Corporation, Avatier today announced a UK healthcare focus for the Avatier Identity Challenge Card, a device-free backup MFA and human verification solution designed for frontline clinical environments where staff cannot always carry, access, or depend on a smartphone.

The Identity Challenge Card is designed to complement, not replace, existing Microsoft Entra ID, Okta, passwordless, smart card, passkey, and MFA investments. It adds a backup identity layer for the moments when device-dependent authentication cannot complete, cannot reach the worker, or cannot safely verify the person requesting access.

For healthcare organisations, that means support not only for human verification, but also for passwordless login continuity, account unlock, forgotten password reset, and helpdesk recovery in environments where shared workstations, rotating shifts, temporary staff, and high-pressure workflows are common.

“Healthcare organisations have invested heavily in Microsoft passwordless authentication and modern identity controls, but there are still frontline and recovery scenarios where phones, apps, networks, or identity systems are not available,” said Nelson Cicchitto, CEO of Avatier. “The Identity Challenge Card gives healthcare a simple backup path: verify the human, support account recovery, and keep secure access moving when the normal authentication path breaks.”

Helpdesk impersonation is now a frontline identity risk

Password reset and access recovery remain some of the most exposed moments in the identity lifecycle. When an attacker calls a service desk pretending to be a clinician, contractor, or employee, the agent often has to make a fast decision based on directory information, caller confidence, or knowledge-based questions.

That is no longer enough.

In the age of AI-assisted phishing, voice impersonation, and leaked employee context, the helpdesk has become a high-value attack path. The UK National Cyber Security Centre has warned that phishing can arrive through email, text, or phone calls, and enterprise service desks increasingly face vishing attempts designed to trigger password resets, MFA changes, or account recovery actions.

CrowdStrike reported that voice phishing attacks increased 442% from the first half to the second half of 2024, and that SCATTERED SPIDER used helpdesk voice-based phishing in observed 2025 incidents targeting Microsoft Entra ID, single sign-on, and virtual desktop infrastructure accounts.

Cyber disruption is now an access continuity issue

The March 2026 Stryker cyberattack is a reminder that disruption is not limited to ransomware encryption or patient-facing systems. When Microsoft environments, identity workflows, or device-dependent authentication paths are disrupted, organisations still need a trusted way to verify employees and restore access. (See Stryker's full attack cost here.)

The same continuity principle applies across UK healthcare. NHS England reported that the 2024 Synnovis ransomware attack disrupted pathology services and delayed more than 11,000 outpatient and elective appointments. Cyber disruption is now a patient-care continuity issue as well as an IT issue.

How Identity Challenge Card works

Identity Challenge Card is a physical, pre-issued card assigned to each employee. It works without a smartphone, app, battery, token, or live internet connection.

In a helpdesk or recovery workflow:

1. an employee requests help with login, account unlock, passwordless recovery, or forgotten password reset;
2. the service desk or system challenges the employee with a specific coordinate from the assigned card;
3. the employee responds with the card value and PIN;
4. if the challenge cannot be completed, the reset or recovery request stops before access is granted.

This allows organisations to verify the human before restoring access, unlocking an account, resetting a password, or continuing a frontline access workflow.

Designed to extend healthcare identity coverage

Most healthcare organisations already rely on Microsoft Entra ID, Okta, mobile MFA, smart cards, passkeys, or passwordless login. The Identity Challenge Card is intended to close the coverage gap for employees and workflows where those tools are unavailable, impractical, compromised, or too costly to extend across the full workforce.

“Healthcare does not need another tool that assumes every worker has a phone, a network connection, and time to complete a perfect authentication flow,” said Cicchitto. “It needs backup identity — a way to verify the human and keep access moving for the entire workforce, especially when the helpdesk is under pressure.”

Availability

The Avatier Identity Challenge Card is available now for healthcare organisations seeking backup MFA, passwordless login continuity, account unlock, forgotten password reset, helpdesk human verification, and identity continuity for frontline workers.

Additional information is available at identitychallengecard.com.

About Avatier
Founded in 1997 by Nelson Cicchitto, Avatier is pioneering MCP-first conversational identity management, bridging the $20 billion identity market with the $800 billion call center and service interaction market. The Avatier platform combines Trusted Conversational AI for Identity with credential governance, passwordless login, lifecycle provisioning, access governance, and workflow automation to help organizations verify the human, enforce policy, and complete secure workflows across chat, voice, phone, self-service, help desk, and frontline environments. Trusted by Fortune 500 organizations across healthcare, financial services, manufacturing, energy, government, military, and education, Avatier turns identity into a driver of security, productivity, resilience, and business continuity.

Identity Anywhere™ | avatier.com | trust.avatier.com

Media Contact
Mary Marshall, Director of Communications, Avatier | +1 925-217-5170