Medical technology giant Stryker Corp. suffered a major cyberattack Wednesday that disrupted global operations, wiped data from thousands of employee devices and forced widespread system shutdowns, with an Iran-linked hacktivist group claiming responsibility.

Stryker Corporation Hit by Suspected Iran-Linked Cyberattack, Causing Global Outage
Stryker Corporation Hit by Suspected Iran-Linked Cyberattack, Causing Global Outage

The incident, which began early March 11, 2026, affected Stryker's networks across the United States, Europe, Asia and other regions, leaving employees unable to access accounts or perform work. Internal login pages and managed devices displayed the logo of Handala, a pro-Palestinian hacking collective widely believed to be affiliated with Iran's Ministry of Intelligence and Security.

Stryker, a leading manufacturer of medical devices including orthopedic implants, surgical equipment and hospital beds, employs more than 56,000 people worldwide and operates in over 60 countries. The company has a significant presence in Ireland, where up to 5,000 workers — many based in Cork facilities — were impacted.

Reports from employees and cybersecurity sources indicate the attack involved destructive "wiper" malware, which permanently deletes data rather than encrypting it for ransom, as seen in traditional ransomware campaigns. Affected devices, including laptops, cellphones and other Microsoft Windows-based systems connected to Stryker's network, were remotely wiped, rendering them unusable. Data loss appears irreversible without backups, though the full extent remains unclear.

Handala claimed the operation targeted more than 200,000 systems, servers and mobile devices, extracting 50 terabytes of data and forcing office closures in 79 countries. In a statement circulated online, the group described the hack as "only the beginning of a new chapter in the cyber war" and accused Stryker of ties to "Zionism" and other entities it opposes. The claim came amid heightened geopolitical tensions following U.S. and Israeli military strikes on Iran in late February 2026, dubbed Operation Epic Fury and Operation Roaring Lion.

Cybersecurity researchers from Palo Alto Networks' Unit 42 have long linked Handala to Iranian state interests, noting the group's use of website defacements, data exfiltration, distributed denial-of-service attacks and wiper malware in operations targeting Israel, Gulf states and Western entities. The persona has escalated activities in recent weeks as part of broader Iranian-aligned retaliatory efforts.

Stryker shares fell about 3% in trading Wednesday following initial reports of the outage, reflecting investor concerns over potential operational and financial fallout. The company did not immediately respond to requests for comment but told some media outlets it was working with Microsoft to address the incident, classifying it as a "critical, enterprise-wide" event.

The attack highlights the growing risk to critical infrastructure from state-linked hacktivists amid escalating Middle East conflicts. Unlike espionage-focused operations, wiper attacks aim to cause maximum disruption and economic damage. Stryker's role in supplying essential medical equipment raises questions about potential impacts on healthcare delivery if recovery drags on.

Irish authorities were notified, with Stryker reporting the breach to Ireland's National Cyber Security Center. The incident echoes past high-profile cyber events, including the 2021 Colonial Pipeline ransomware attack and earlier Iranian-linked disruptions, but stands out for its destructive nature and timing.

Experts warn that Iran's cyber capabilities, though hampered by domestic internet restrictions following recent strikes, continue through proxies like Handala. The group has previously targeted financial institutions, energy firms and Israeli-linked entities, often blending ideological messaging with technical sabotage.

As investigations continue, Stryker faces the challenge of restoring systems, assessing data loss and determining whether backups can mitigate the wipe. Company officials have not disclosed whether patient data or manufacturing lines were directly affected, though the scale suggests broad operational halts.

The incident underscores vulnerabilities in global supply chains for medical technology, where a single breach can ripple across hospitals and clinics reliant on Stryker products. Cybersecurity analysts urge heightened defenses against wiper threats, including air-gapped backups and rapid incident response.

No injuries or immediate patient harm have been reported, but the outage serves as a stark reminder of how geopolitical flashpoints can manifest in cyberspace, targeting seemingly unrelated commercial entities.