Quick Summary
- Handala, a hacking collective with ties to Iran, took credit for launching a cyberattack against Stryker on March 11, 2026
- The medical device company disclosed a network-wide disruption affecting multiple systems and applications globally
- Hackers allegedly erased data on 200,000+ devices and stole 50TB of information, framing it as revenge for an Iranian school bombing
- Company officials confirmed no ransomware or malware was found and stated the breach appears to be under control
- Shares of SYK stock slid 3.6% Wednesday as news of the security incident spread
Medical equipment manufacturer Stryker faced a severe cyberattack on March 11 that crippled portions of its worldwide network infrastructure, triggering a 3.6% decline in share value.
In an SEC disclosure, the company acknowledged that the security breach disabled access to critical information systems and various business platforms. No specific recovery timeframe was provided.
Employees and external contractors took to social media platforms, describing how an Iran-affiliated hacking group’s logo suddenly appeared across company login screens. Those attempting to reach Stryker’s Michigan headquarters in Portage heard automated messages stating the facility was “currently experiencing a building emergency.”
According to Stryker’s statement, investigators discovered no ransomware or malicious software and indicated the situation appears to be under control. However, the impact reached far enough to disrupt operations at its Cork, Ireland manufacturing facility — home to over 4,000 workers — along with additional sites in Limerick and Belfast.
The Handala hacking collective, which has connections to Iran, announced its involvement through official Telegram and X channels. The organization framed the attack as payback for military strikes on a Minab girls’ school in southern Iran, where Iranian authorities report approximately 150 students perished on February 28, the opening day of coordinated U.S.-Israeli military operations against Iran. Reuters has been unable to independently confirm this casualty count.
Handala’s statement boasted of destroying data on over 200,000 workstations, servers, and mobile endpoints while siphoning 50TB of corporate information. The group additionally asserted that Stryker locations spanning 79 nations were compelled to cease operations. The company has not verified these particular assertions.
What Happened on the Ground
According to reporting from The Wall Street Journal, system failures initiated shortly after midnight Eastern time Wednesday, subsequently cascading across global operations. Remote Windows-based equipment — including laptops and smartphones linked to Stryker’s infrastructure — experienced complete data erasure.
Cynthia Kaiser, formerly a senior FBI cyber official and currently with Halcyon, stated: “This is exactly the type of attack we have been worried about: Iranian proxies using destructive cyber attacks like data deletion against U.S. companies to retaliate.”
The Handala group has established a pattern of similar operations. Check Point, an Israeli cybersecurity company, released research Tuesday documenting the group’s involvement in numerous hack-and-leak campaigns and destructive operations featuring data obliteration.
Gil Messing, Check Point’s Chief of Staff, identified the group as operating under Iran’s Ministry of Intelligence, describing them as “the most notorious group affiliated with the Iranian regime.” He characterized their public attribution of the attack as indicating “a new phase in Iran’s motivations.”
White House and Verifone
White House officials stated the Trump administration is “proactively monitoring potential cyber threats” while maintaining coordination with critical infrastructure operators and law enforcement partners. Neither the FBI nor CISA provided comments when contacted.
After targeting Stryker, Handala announced a subsequent attack on Verifone, an Israeli financial technology company. Verifone rejected these allegations, confirming its investigation uncovered no breach indicators and that customer services remained uninterrupted.
Ken Sheehan, director of operations at Smarttech247, observed that phishing campaigns remain Handala’s primary infiltration technique and recommended organizations strengthen cybersecurity awareness programs.
Stryker maintains a workforce of approximately 56,000 people operating in 61 nations and generated over $25 billion in revenue during the previous year.
