Handala, an Iran-linked hacker group, has claimed responsibility for a cyberattack targeting medical technology giant Stryker, calling the operation an “unprecedented blow” to the company.
Stryker is one of the world’s largest medical technology companies, with more than 50,000 employees and operations in dozens of countries. The company manufactures a wide range of surgical, orthopedic, and neurotechnology equipment used in hospitals and healthcare systems worldwide.
According to the group, the attackers wiped more than 200,000 servers, mobile devices, and other systems, forcing operational disruptions across Stryker’s global environment. They also claim to have stolen 50TB of internal data, though these figures have not been independently verified.
The incident began on March 11, triggering widespread outages across Stryker’s Microsoft-based systems and essentially locking employees out of key apps and corporate devices for a while.
Given Stryker’s role in supplying equipment used in hospitals worldwide, any disruption to its internal systems doesn’t just stay internal, it can ripple across healthcare providers and medical supply chains. Some reports also indicate the incident affected internal operations such as employee device access and elements of manufacturing and order processing.
The attackers reportedly defaced Stryker’s Microsoft Entra login portal with imagery tied to the Handala group, a classic hacktivist move to publicly claim the breach and send a message. Website defacement is a tactic often used by hacktivist groups to publicly claim responsibility for an intrusion and amplify the political message behind the attack.
Though this has not been officially confirmed, the attack may have involved remote wiping of corporate devices, possibly through enterprise device management systems.
For now, Stryker says there’s no sign of ransomware or active malware, but the incident has clearly thrown a wrench into its daily operations.
However, the company warned that the attack will continue to impact its work environment, including access to network systems and business applications, as recovery and system restoration efforts continue.
The company is still working to restore systems, and there’s currently no clear timeline for when everything will be fully back online.
Caught feelings for cybersecurity? It’s okay, it happens. Follow us on LinkedIn, Youtube and Instagram to keep the spark alive.
