A cyberattack claimed by pro-Iran hackers has caused a global network disruption to Michigan-based Stryker, a major US medical device maker. The company develops medical technology products in surgery, neurotechnology and orthopaedics, operates in more than 60 countries and employs over 56,000 people.
An Iranian-linked hacking group shut down technology operations across Stryker's global offices. Employees with company-linked phones had their devices wiped, and staff were instructed to remove Microsoft Intune from personal devices. The company said it has no indication of ransomware or malware and believes the incident is contained, with teams working to understand the attack's impact and business continuity measures in place.
A hacktivist group with links to Iran's intelligence agencies claimed responsibility, saying Stryker's offices in 79 countries have been forced to shut down after the group erased data from more than 200,000 systems, servers and mobile devices. The logo of Handala, a pro-Iran and pro-Palestinian hacking group, appeared on employee login pages.
The group said the wiper attack was in retaliation for a February 28 missile strike that hit an Iranian school and killed at least 175 people, most of them children. Iranian authorities have put the final death toll at 165 people, most of them girls aged between 7 and 12.
It was unclear what immediate impacts the hack had on Stryker's provision of medical equipment to US hospitals, though cybersecurity executives across the health sector were on alert. Healthcare providers worldwide depend on Stryker equipment for everything from orthopaedic surgery to trauma care, making the outage a genuine concern for patient care continuity.
Stryker acquired Israeli medical technology company OrthoSpace in 2019, which may explain why it became a target. Handala is assessed as one of several online personas maintained by Void Manticore, a Ministry of Intelligence and Security-affiliated actor that surfaced in late 2023.
In Stryker's largest hub outside the United States, Ireland, the company sent home more than 5,000 workers. The company's computers in Ireland were also hit by the cyberattack.
The attack represents a sharp escalation in cyber operations linked to the broader US-Israel-Iran conflict. Unlike financially motivated ransomware attacks, Handala is not motivated by money; according to one cybersecurity expert, if attackers want monetary gain they must compromise users and negotiate extortion, but if they just want to cause disruption it's far easier.
For Stryker and other major companies in critical infrastructure, the message is sobering. The company and some of its business units have significant contracts with the Departments of Defence and Veterans Affairs. The US Cybersecurity and Infrastructure Security Agency did not respond to a request for comment.
The incident underscores why digital resilience matters for companies whose products touch patients' lives directly. When operations are disrupted at this scale, the effects ripple through hospitals, surgical schedules and medical supply chains across the globe. Stryker says it has business continuity plans in place, but the scope of the outage suggests those measures face a serious test.