Iran-Linked Hackers Claim Cyberattack on U.S. Medical Device Manufacturer Stryker

By Daniel Lopez

A hacking group linked to Iran claimed responsibility for a cyberattack that disrupted the operations of U.S. medical device manufacturer Stryker and wiped large numbers of connected systems across the company’s global network.

Incident Overview

The cyberattack hit Stryker on March 11, 2026, disrupting the company’s internal computer systems and global technology environment. The Michigan-based medical technology company reported a global network disruption affecting its Microsoft environment.

Stryker is a medical device manufacturer (not explicitly HIPAA-covered) headquartered in Kalamazoo, Michigan. The company employs approximately 56,000 people and maintains operations in 61 countries.

Following the incident, the company experienced disruption across internal systems used for operations. The attack affected the organization’s ability to process orders, manufacture products, and ship goods to customers.

The full scope of operational impact remains under investigation. A timeline for complete restoration of systems has not been provided.

Group Claiming Responsibility

A hacking group known as Handala claimed responsibility for the cyberattack. The group is described as linked to Iran and has conducted cyber operations targeting organizations in previous incidents. The group published statements claiming that the attack erased large numbers of computer systems connected to Stryker’s network. The group also claimed that data had been extracted from company systems during the operation.

Handala stated that more than 200,000 systems, servers, and mobile devices were wiped and that approximately 50 terabytes of data were extracted during the operation. These figures originate from statements made by the hacking group and have not been independently verified.

Reported Motivation for the Attack

Handala stated that the cyberattack was conducted in response to a military strike on a girls’ school in Minab, Iran. The strike reportedly killed around 150 students. The group described the cyberattack as retaliation for that incident and other cyber operations involving entities aligned with the United States and Israel.

Operational Disruption

The cyberattack disrupted Stryker’s internal computer environment and business operations. The disruption affected systems used to manage orders, production activity, and shipping processes. Employees and contractors reported that login screens displayed imagery associated with the Handala group during the incident.

The company reported that internal systems experienced outages and operational limitations after the attack began. Despite the operational disruption, Stryker stated that connected medical devices and patient-related services remained unaffected.

Ransomware and Malware Status

Stryker reported no evidence of ransomware or malware associated with the cyberattack. The organization indicated that the incident appeared to involve disruption and system wiping rather than ransomware encryption activity.

Government Monitoring

U.S. government officials indicated that the situation was being monitored following reports of the cyberattack and the claims made by the hacking group. Additional details regarding any law enforcement or regulatory investigation were not stated in the available reporting.

Market and Business Impact

News of the cyberattack was followed by a decline in Stryker’s share price. The company’s stock fell approximately 3.6 percent after the incident became public. Operational recovery activities were underway as the company worked to restore affected systems and resume business functions.


Daniel Lopez is the HIPAA trainer behind HIPAA Coach and the HIPAA subject matter expert for NetSec.news. Daniel has over 10 years of experience as a HIPAA coach. He contributes his HIPAA expertise to several publications, including Healthcare IT Journal and The HIPAA Guide. Daniel studied Health Information Management before focusing his career on HIPAA compliance and protecting patient privacy. You can follow Daniel on Twitter / X: https://twitter.com/DanielLHIPAA