US medical tech company Stryker attacked by Iran-linked hackers
Tshedimoso Makhene
March 12, 2026
Medical technology giant Stryker Corporation is investigating a cyberattack that disrupted parts of its global network and forced the company to take systems offline. The attack, which affected internal operations and employee access to devices and applications, has been claimed by the hacking group Handala, which says it carried out the operation as part of a politically motivated campaign.
What happened
According to Reuters, Stryker experienced a cyberattack that disrupted access to some of its systems and affected operations across its global network. The company disclosed the incident in a filing with the U.S. Securities and Exchange Commission, noting that it did not yet have a timeline for when full system functionality would be restored.
The attack has been claimed by a hacking group known as Handala, which posted a message on Telegram taking responsibility for the incident. Employees and contractors also reported seeing the group’s logo appear on internal login screens during the disruption.
Although the company reported significant system outages, it said there was no indication that ransomware or malware was involved in the attack.
News of the incident also affected the company financially, with shares of Stryker falling about 3.6% following reports of the suspected cyberattack.
Going deeper
The cyberattack was claimed by Handala, a hacking persona that cybersecurity researchers have linked to Iran. The group said in messages posted to its Telegram channel that it carried out the attack against Stryker in retaliation for a strike on a girls’ school in the Iranian city of Minab and what it described as ongoing cyberattacks against Iran.
Handala has previously claimed responsibility for attacks on organizations in Israel and elsewhere, often carrying out “hack-and-leak” operations or destructive cyberattacks designed to damage systems or delete data. Cybersecurity firm Check Point said the group is believed to operate under Iran’s Ministry of Intelligence.
The outages reportedly began shortly after midnight on the US East Coast, with staff reporting that remote devices running Microsoft Windows, including laptops and mobile phones connected to Stryker’s systems, had been wiped or disabled.
What was said
In a statement, a spokesperson for Stryker Corporation said the company was investigating the incident but had not yet determined the full impact. “We have no indication of ransomware or malware and believe the incident is contained,” the spokesperson said.
Cybersecurity experts warned that the attack may represent a broader escalation of state-linked cyber activity. Cynthia Kaiser, senior vice president at cybersecurity firm Halcyon and a former FBI cyber official, said, “This is exactly the type of attack we have been worried about,” indicating that the incident matches the type of retaliation security experts have feared.
A White House official also said the US government was monitoring potential cyber threats and coordinating responses with infrastructure agencies and law enforcement.
In the know
According to Economic Times, Handala is an Iran-linked “hacker group that appeared around 2022.” It has executed “cyberattacks on companies connected to Israel or the Gulf region.”
Cybersecurity analysts say the group operates as a proxy actor for state interests. Rather than launching cyberattacks directly, governments may rely on loosely affiliated hacktivist groups to conduct operations while maintaining plausible deniability.
By targeting a major medical technology company, the hackers showed how cyber warfare can disrupt supply chains and essential industries without involving direct military engagement.
According to Paubox, supply chain attacks, primarily categorized as vendor and business associate email exposure, represent one of the most pervasive and damaging threat patterns. These attacks occur when protected health information (PHI) is exposed through compromised or insecure email communication with third-party partners, such as billing firms, imaging services, and outsourced IT providers.
The bigger picture
The attack shows how geopolitical conflicts could spill over into cyberspace and target major private-sector organizations. Experts have warned that Iran has significant cyber capabilities and could retaliate against US or Israeli entities through disruptive cyberattacks.
For healthcare and medical technology companies, the incident also points to the risks posed by cyber disruptions to critical infrastructure. Stryker operates in 61 countries and employs about 56,000 people, meaning outages affecting its systems could have wide-ranging operational impacts.
The market reaction also reflected concern about the attack’s potential impact, with Stryker’s shares falling 3.6% after news of the breach emerged.
FAQs
Did the cyberattack expose patient data?
As of now, there has been no confirmation that patient data was exposed in the attack. However, the investigation is still ongoing, and cybersecurity teams are working to determine whether any sensitive information was accessed.
Why do cyberattacks target healthcare and medical technology companies?
Healthcare and medical technology organizations are attractive targets because they operate critical infrastructure and manage large amounts of sensitive data. Disrupting these systems can affect hospital operations, supply chains, and patient care, making them high-value targets for cybercriminals and politically motivated hackers.
How can healthcare organizations reduce the risk of cyberattacks?
Healthcare organizations can reduce cyber risk by implementing strong cybersecurity practices such as network monitoring, endpoint protection, employee security training, and rapid incident response plans. Many organizations also use technologies like endpoint detection and response (EDR) and managed detection and response (MDR) services to identify threats early.
