Stryker Hit by Massive Iran-Linked Cyberattack, Threatening Global Hospital Supply Chains
Stryker Corporation, the Fortune 500 medical technology company, confirmed a widespread cyberattack Wednesday that disrupted operations in more than 60 countries.
The Iran-linked hacking group Handala claimed responsibility, alleging it wiped over 200,000 systems and stole roughly 50 terabytes of corporate data.
The breach forced the company to suspend critical systems in the U.S., Europe, and Asia, leaving thousands of employees unable to access email, internal software, and production tools.
Employees were instructed to shut down laptops, company phones, and connected devices immediately to prevent further compromise.
Windows systems reportedly suffered the most severe impact, affecting communications, manufacturing operations, and access to hospital technology.
Staff at Stryker’s Cork, Ireland, facility—the company’s largest base outside the U.S.—reported complete disruption of login systems, halting production lines and internal workflows, according to the Daily Express.
Analysts warned that downtime at a global medical device manufacturer like Stryker could ripple across hospitals, potentially delaying surgeries and other critical procedures.
A Stryker spokesperson told the Wall Street Journal, “Teams are actively working to restore systems and operations as quickly as possible. Business continuity measures are in place, and we remain committed to serving our customers.”
The company is collaborating with Microsoft engineers and Ireland’s National Cyber Security Centre to restore affected systems and mitigate further damage.
Officials emphasized the importance of securing medical supply chains, given the potential human consequences of interrupted surgical and hospital technology.
Handala claimed the attack was retaliation for recent U.S. and Israeli military actions against Iran, including strikes that destroyed over 50 Iranian ships under “Operation Epic Fury.”
The group has previously targeted Israeli military networks, energy companies, and private firms in the region.
Cybersecurity analysts believe Handala is likely a front for Iranian state-sponsored operations, possibly linked to the Revolutionary Guard Corps, and its activities align with Iran’s broader cyberwarfare objectives, according to the Economic Times.
FBI Director Kash Patel had emphasized earlier this week that federal authorities are closely monitoring potential cyber threats.
“The goal is clear: impose real costs on those who target Americans in cyberspace by dismantling their networks, pursuing the hackers and spies behind them, and degrading their capacity to operate,” he said on Tuesday, according to NewsNation.
Analysts noted that companies with global operations, especially in healthcare, are prime targets for attacks designed to create systemic disruption rather than generate ransom payments.
Handala reportedly deployed “wiper” malware, which permanently deletes data rather than holding it for ransom, emphasizing strategic disruption over financial gain.
SecurityWeek noted that the group has a history of claiming attacks against Israeli infrastructure, including military and energy networks, though many of its claims are difficult to independently verify.
Since the escalation of the U.S.-Israel-Iran conflict, Handala has taken credit for several destructive operations, demonstrating Tehran’s growing reliance on cyber capabilities to project power beyond conventional military strikes.
Stryker’s stock (SYK) fell roughly 3 percent following news of the breach, reflecting concerns about operational disruption.
Authorities continue investigating the full scope of compromised data, assessing potential risks to employees, customers, and business partners.
The incident highlights the increasing complexity of cyber threats facing multinational healthcare providers and the urgent need for robust cybersecurity measures, particularly against state-linked hacker groups operating with strategic, geopolitical objectives.
WATCH:
Medical technology company Stryker has reportedly been hit with a suspected Iran-linked cyberattack. pic.twitter.com/g1qxEsgViN
— Yahoo Finance (@YahooFinance) March 11, 2026
Continue Scrolling for the Comments
