One of the world’s largest medical technology companies is dealing with a major cyberattack after a pro Iran hacking group claimed responsibility for a disruptive operation against Stryker’s global systems.
Quick Summary – TLDR:
- A suspected Iran linked hacker group called Handala claimed responsibility for a cyberattack on medical technology giant Stryker.
- The attack disrupted the company’s Microsoft environment and affected order processing, manufacturing, and shipping.
- Hackers claim they wiped more than 200000 devices and stole 50TB of data, though these claims are not fully verified.
- The incident comes amid rising geopolitical tensions tied to the ongoing US Israel Iran conflict.
What Happened?
A cyberattack targeting global medical technology company Stryker has disrupted parts of the firm’s internal systems and operations. The company confirmed that the attack caused a worldwide disruption to its Microsoft environment, affecting several internal processes including order processing, manufacturing, and shipping.
The pro-Iran hacking group Handala has claimed responsibility for the attack, saying it wiped thousands of systems and extracted large volumes of data. Stryker says its investigation is ongoing and there is currently no evidence of ransomware or malware.
🚨Stryker Cyber Attack Update
— HCSA (@HCSAprocurement) March 13, 2026
NHS Supply Chain has set up an incident team to manage disruption caused by the Stryker cyber attack and is collaborating with NHS England and the Department for Health and Social Care, who have engaged with the National Supply Disruption Response… pic.twitter.com/wg5xRpzbTB
Global Network Disruption Hits Stryker Systems
Stryker first disclosed the incident after detecting unusual activity within its global network. The company said the disruption was limited to its Microsoft environment, but it still caused operational challenges across several regions.
The disruption affected:
- Order processing systems
- Manufacturing operations
- Shipping and logistics workflows
Despite the disruption, Stryker stated that its medical devices and patient-related systems remain safe to use. The company also reassured customers that products such as Mako, Vocera, and LIFEPAK35 were not affected by the incident.
The Michigan-based medical device maker operates in more than 60 countries and employs around 56000 people worldwide. In 2025, the company reported about 25 billion dollars in annual revenue, making it one of the largest healthcare technology suppliers globally.
Hackers Claim Massive Device Wipe and Data Theft
The hacking group Handala publicly claimed responsibility for the attack through online statements. According to the group, the cyber operation wiped more than 200000 systems including servers, laptops, and mobile devices.
The hackers also claimed they extracted 50 terabytes of corporate data before wiping systems. Independent verification of these claims has not been confirmed.
Some reports suggest the attackers may have used Microsoft Intune, a legitimate device management platform used by companies to manage employee devices. If attackers gained administrator level access, they could remotely issue commands to reset or wipe devices connected to the corporate network.
Security experts say this type of tactic is known as a living off the land technique, where attackers misuse legitimate administrative tools instead of deploying traditional malware.
Employees and Offices Face Immediate Disruption
The cyberattack caused widespread disruption for employees across multiple locations.
Reports indicate that staff in several offices were locked out of laptops and corporate systems, forcing teams to halt work temporarily. At the company’s major European hub in Cork, Ireland, many employees were reportedly sent home after systems became inaccessible.
Some employees also reported that devices connected to company systems were suddenly wiped or reset, cutting off access to corporate communication tools and internal applications.
Attack Linked to Rising Geopolitical Cyber Tensions
Cybersecurity researchers believe the group behind the attack has ties to Iranian cyber networks.
Handala presents itself as a pro-Palestinian hacktivist group, but many analysts consider it a front for an Iranian state aligned threat actor known as Void Manticore, which is believed to operate under Iran’s Ministry of Intelligence.
The group said the attack was retaliation for recent military actions linked to the United States and Israel, including a strike in the Iranian city of Minab.
Experts warn that cyber operations linked to geopolitical conflicts are increasingly targeting private companies, supply chains, and healthcare infrastructure as part of broader digital warfare strategies.
Stryker Continues Recovery and Investigation
Stryker says it has implemented business continuity measures to support hospitals, partners, and customers while systems are restored. The company also confirmed that previously entered orders remain visible and will be processed once system communications are fully restored.
At the moment, investigators are still working to determine the full scope and financial impact of the attack. The company has not yet confirmed whether sensitive corporate or customer data was actually stolen.
Cybersecurity teams are continuing to rebuild systems and restore services while monitoring the network for any additional threats.
SQ Magazine Takeaway
To me, this attack shows something bigger than just another corporate cyber incident. When hackers tied to geopolitical conflicts start targeting companies that supply hospitals and medical technology, the consequences can spread far beyond IT systems.
The Stryker attack highlights how modern conflicts increasingly extend into the digital infrastructure of global businesses. Healthcare companies, supply chains, and critical manufacturers are becoming new battlegrounds in cyber warfare. That is a serious warning for every organization that relies on connected systems to run essential services.
