200,000 devices allegedly wiped

Massive cyberattack cripples medical technology giant Stryker

Image source: Sundry Photography/Shutterstock.com

The hacker group Handala claims to have destroyed more than 200,000 systems belonging to US corporation Stryker and stolen 50 terabytes of data. Offices in 79 countries are said to be affected.

The American medical technology conglomerate is grappling with the aftermath of a devastating cyberattack. The company, a Fortune 500 member with roughly 56,000 employees and annual revenues exceeding $25 billion, is a major supplier to hospitals worldwide. Stryker manufactures surgical instruments, orthopedic implants, and neurotechnology products, including for facilities in Germany.

Hacker logo on login screens

The group Handala has claimed responsibility for the attack. The group is believed to have close ties to the Iranian state. According to its own statements, Handala wiped more than 200,000 servers, mobile devices, and other systems and exfiltrated 50 terabytes of data. As a result, Stryker reportedly had to shut down offices in 79 countries.

The Wall Street Journal reported on Wednesday that Stryker had confirmed the incident. Employees and external contractors found the hacker group’s logo displayed on their login screens. Phones, laptops, and other devices connected to the corporate network had been wiped, with Windows systems particularly hard hit. Stryker instructed its workforce not to power on company devices and to disconnect immediately from all networks.

Stryker calls the incident contained

Internally, Stryker appears to have communicated the situation in stark terms. According to the Irish Mirror, the company told employees at its Cork, Ireland site that a severe global disruption was affecting all laptops and networked systems.

In a public update on Wednesday afternoon, Stryker stated that the incident was a global network disruption within its Microsoft environment resulting from a cyberattack. The company said there were no indications of ransomware or malware and that it believed the incident had been contained.

SEC filing officially confirms the attack

Stryker has since officially disclosed the incident to the US Securities and Exchange Commission in a Form 8-K filing. In it, the company reiterates that it identified a cybersecurity incident on March 11, 2026. It activated its emergency response plan immediately and launched an investigation together with external advisors and cybersecurity experts.

In the filing, Stryker acknowledges that the disruption will continue to affect daily operations, including access to network systems and business-critical applications. The company did not provide a specific timeline for full recovery.

Handala: Hacktivists or Iranian state hackers?

The group Handala has been increasingly active since the escalation of the conflict involving the United States, Israel, and Iran. On the surface, it presents itself as a hacktivist collective with a pro-Palestinian and anti-Israeli orientation. However, the cybersecurity industry widely suspects that Handala serves as a front for Void Manticore, a threat actor attributed to the Iranian state.

The group is known for phishing attacks, data theft, extortion, and the deployment of custom-built wiper malware designed to permanently destroy systems. Threat intelligence firm Flashpoint also attributes information operations and psychological warfare to Handala.

Since the conflict began, Handala claims to have wiped Israeli military weather servers, tapped into security cameras in Jerusalem, stolen and deleted data from various companies, exposed Israeli intelligence operatives, and hacked an Israeli oil and gas company. The group regularly broadcasts its alleged successes on Telegram and X, though these claims often cannot be independently verified.

Lars Becker

Deputy Editor-in-Chief

IT Verlag GmbH
