A massive cyber attack has crippled the global operations of the US medical technology giant Stryker, with an Iran-linked hacking group claiming the strike was direct retaliation for a recent American missile attack on an Iranian school.
The disruption, which began on March 11, has forced the company to shut down systems across the US, Europe, and Asia, sent its stock price tumbling, and raised serious concerns about the supply of critical medical equipment to hospitals worldwide.
The group behind the attack, known as Handala, publicly took credit through its Telegram channels, framing the operation as a response to a Tomahawk missile strike on an elementary school in Minab, Iran, which reportedly killed near 180 people, mostly school-going little girls. Handala described Stryker as a “Zionist-rooted” entity—a likely reference to the company’s 2019 acquisition of the Israeli firm OrthoSpace and its extensive contracts with the US Department of Defense and the VA.
Cyber security experts say unlike typical ransomware attacks where data is held for payment, this incident appears to be a “wiper” operation designed for pure destruction. The hackers claim to have erased data from over 200,000 systems and exfiltrated 50 terabytes of sensitive information, though Stryker has yet to verify the scale of the theft. The company has confirmed the disruption to its Microsoft environment but maintains the incident is contained and that there is no evidence of traditional malware or ransomware.
The fallout was felt immediately on the ground, as employees in nearly 80 countries found themselves locked out of their laptops and servers, forcing temporary office closures. While no immediate impact on patient care has been reported, the potential for delays in delivering essential gear like defibrillators and ambulance cots is a growing worry for healthcare providers. Microsoft engineers and cyber security experts are currently on-site working to restore the network, but the company has not yet provided a clear timeline for when things will return to normal.
Security experts warn that as geopolitical tensions boil over, “hacktivist” groups are increasingly targeting critical infrastructure and private corporations perceived as supporting US or Israeli interests, while for Stryker, the road ahead looks difficult, with the company facing not just the technical challenge of rebuilding its network, but also the looming threat of data leaks, regulatory scrutiny, and a potentially fractured supply chain.
