These updates are shared to help raise the situational awareness of faith-based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.
The dean of Trinity Episcopal Cathedral, the Rev. Aidan Smith, has resigned amid a broader investigation into alleged misconduct. While his resignation follows separate criminal charges related to retail theft, house of worship (HOW) leadership disclosed that he had already been under internal investigation for weeks over allegations that he may have improperly sold cathedral artifacts through online platforms. According to diocesan leadership, these claims involve potential failure to safeguard HOW property, though they remain unproven and are being handled through internal disciplinary processes.
Analyst Comments: This incident highlights a relatively uncommon but important insider threat vector: the potential misuse or unauthorized sale of institutional property by trusted individuals. In this case, the alleged conduct, if substantiated, would fall under internal asset misappropriation, where an individual with legitimate access exploits that trust for personal gain. Faith-based organizations may be vulnerable due to decentralized oversight structures, reliance on trust, and the presence of valuable or historically significant artifacts that may not be closely inventoried or monitored. The situation underscores the need for basic internal controls, such as asset tracking, periodic audits, and clear accountability for custodianship of property. Even though these allegations remain unproven, the case serves as a reminder that insider threats are not limited to financial fraud or data theft but can extend to physical assets, including culturally or religiously significant items.
A major cyberattack against medical technology company Stryker has been attributed to an Iran-linked hacktivist group known as Handala, resulting in widespread operational disruption and the remote wiping of tens of thousands of devices across the organization. Stryker confirmed that the attack did not involve ransomware or malware but, instead, leveraged compromised administrative access within its Microsoft environment. Investigators found that the threat actor gained control of a privileged account, created a new Global Administrator account, and then used Microsoft Intune, a device management tool, to issue mass “wipe” commands that erased data from approximately 80,000 devices in a short time window. Reports indicate that corporate and some personal devices enrolled in the system were affected. While attackers claimed large-scale data theft, there is currently no confirmed evidence of exfiltration. The incident caused significant disruption to business operations, forcing manual workarounds, though Stryker stated core medical products and patient systems were not impacted.
Analyst Comments: This incident reinforces two critical realities for U.S.-based organizations, including faith-based institutions. First, it highlights the continued willingness and capability of Iran-linked cyber threat actors to target U.S. entities as part of broader geopolitical tensions, with an emphasis on disruptive outcomes. Second, and more importantly from a defensive standpoint, it demonstrates that attackers do not always need to “hack” systems in the traditional sense; if a threat actor gains Global Administrator privileges, they can weaponize trusted tools already built into the environment to cause catastrophic damage. In this case, the use of legitimate enterprise management software to execute mass device wipes bypassed many conventional security controls designed to detect malware. For organizations, this underscores the importance of identity security as a primary defense layer, specifically protecting privileged accounts, enforcing multi-factor authentication, limiting admin access, and monitoring for abnormal administrative actions.
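The monitoring recommended above can be written as two rules: alert on every Global Administrator grant, and alert when one account issues many device wipes inside a short window, raising the severity when that account received the role only recently. The following Python is an added example, not code from Stryker, Microsoft, or Gate 15; the event fields, action names, account names, and thresholds are assumptions applied to constructed sample data, not the real Entra ID or Intune log schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def sample_events():
    """Constructed audit events. Field and action names are assumptions,
    not the real Entra ID or Intune log schema."""
    t0 = datetime(2025, 1, 1, 2, 0, 0)
    events = [
        {"time": t0, "actor": "svc-helpdesk", "action": "role_assigned",
         "target": "new-admin", "role": "Global Administrator"},
        # Routine single wipe by an established technician: must not alert.
        {"time": t0 + timedelta(hours=5), "actor": "it-tech",
         "action": "device_wipe", "target": "laptop-retired"},
    ]
    # Burst: 12 wipes in two minutes from the freshly promoted account.
    for i in range(12):
        events.append({"time": t0 + timedelta(minutes=10, seconds=10 * i),
                       "actor": "new-admin", "action": "device_wipe",
                       "target": f"device-{i}"})
    return events

def detect(events, wipe_threshold=10, window=timedelta(minutes=5),
           new_admin_age=timedelta(hours=24)):
    """Return alerts for Global Administrator grants and wipe bursts."""
    alerts = []
    granted = {}                 # account -> time it received the role
    recent = defaultdict(deque)  # actor -> wipe times inside the window
    flagged = set()              # actors already alerted for a burst
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["action"] == "role_assigned" and ev.get("role") == "Global Administrator":
            granted[ev["target"]] = ev["time"]
            alerts.append(("GLOBAL_ADMIN_GRANTED", ev["actor"], ev["target"]))
        elif ev["action"] == "device_wipe":
            q = recent[ev["actor"]]
            q.append(ev["time"])
            while ev["time"] - q[0] > window:   # drop wipes older than window
                q.popleft()
            if len(q) >= wipe_threshold and ev["actor"] not in flagged:
                flagged.add(ev["actor"])
                since = granted.get(ev["actor"])
                fresh = since is not None and ev["time"] - since <= new_admin_age
                kind = "MASS_WIPE_BY_NEW_ADMIN" if fresh else "MASS_WIPE"
                alerts.append((kind, ev["actor"], len(q)))
    return alerts

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

The wipe threshold and window should be tuned to the organization's normal device-retirement volume so that routine single wipes stay below the alert line.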
The Gate 15 article on emerging attack vectors highlights how rapid technological change, particularly advances in artificial intelligence, is reshaping the threat landscape. AI enables attackers to automate operations, scale phishing and social engineering campaigns, and identify vulnerabilities more quickly, increasing the speed and sophistication of potential attacks. At the same time, the article notes that these same technologies can strengthen defensive capabilities by helping organizations detect anomalies, improve threat analysis, and enhance resilience planning. Overall, the piece emphasizes that organizations must adapt their security and risk management strategies to address evolving, technology-driven threats.
The FB-ISAO’s sponsor Gate 15 publishes a daily newsletter called the SUN. Curated from their open-source intelligence collection process, the SUN informs leaders and analysts with the critical news of the day and provides a holistic look at the current global, all-hazards threat environment. Ahead of the daily news cycle, the SUN provides current situational awareness of the topics that will impact your organization.