Cyber Attacks Stryker Disrupt Global Systems After Pro-Iranian Group Claims Retaliation

A large cyberattack has disrupted the global technology network of medical device giant Stryker, forcing widespread shutdowns of internal systems and leaving thousands of employees temporarily locked out of company platforms.

The disruption spread across Stryker’s Microsoft-based environment and affected operations in offices around the world. Staff and contractors attempting to log in encountered the emblem of a hacking group on their screens, while devices connected to the company’s network — including laptops, phones and servers — were wiped.

Stryker, a Michigan-headquartered Fortune 500 company known for surgical equipment, orthopaedic implants and neurotechnology products, employs roughly 56,000 people worldwide and reported more than $25 billion in revenue in 2025.

The group claiming responsibility calls itself Handala, also referred to as the Handala Hack Team. According to cybersecurity firm Palo Alto Networks, the persona is linked to a group known as Void Manticore, which is assessed to be affiliated with Iran’s Ministry of Intelligence and Security.

In posts circulated on social media, the hackers said they wiped more than 200,000 systems, servers and mobile devices and extracted roughly 50 terabytes of data. The group claimed the attack forced the shutdown of Stryker offices across 79 countries.

Stryker confirmed the incident in a public statement but said there was no indication of malware or ransomware involved. The company believes the disruption was contained within its internal Microsoft environment and said business continuity measures were in place to continue serving customers.

The attackers described the operation as retaliation for a military strike on an elementary school in Minab, Iran, which reportedly killed more than 100 people, most of them children. A preliminary investigation by the United States military found the strike was carried out by U.S. forces and appeared to have resulted from a targeting error.

Security observers note the cyberattack comes weeks after the United States and Israel launched military strikes against Iran in late February, marking one of the first major pro-Iranian hacking incidents against a U.S. corporate network since that escalation.

The disruption has already had practical consequences within healthcare systems. In Maryland, the Institute for Emergency Medical Services warned hospitals that Stryker’s Lifenet ECG transmission platform was largely non-functional across much of the state. Paramedics were advised to relay heart monitoring data verbally by radio to hospitals instead.

Hospitals in several parts of the United States were also reviewing whether to disconnect Stryker equipment from internal networks as a precaution while the incident was assessed.

The U.S. Cybersecurity and Infrastructure Security Agency said it was investigating the attack and coordinating with both government and private sector partners to provide technical assistance.

The scale of Stryker’s global footprint means the disruption could reach well beyond the United States. The company has major research and development operations in India, including a recently opened 140,000-square-foot facility in Bengaluru and an existing 220,000-square-foot campus in Gurugram focused on robotics, artificial intelligence, digital innovation and product security.

India hosts more than 1,000 Stryker employees and serves as a key engineering base for the company, alongside sales offices in Mumbai, Chennai and Kolkata. While Stryker has not released a country-by-country impact assessment, the attack reportedly affected systems across dozens of countries connected through the same Microsoft environment.

Security specialists say the incident highlights how corporate networks tied to global technology platforms can become collateral in geopolitical conflicts. In this case, the target was not a government system or defence contractor but a company whose products sit at the centre of hospital infrastructure.

Read more:

iPhone 17 Pro Added to Baseball History After Filming Red Sox Walk-Off Clincher

For healthcare providers now working through the technical disruption, the immediate concern remains continuity of patient care while the company and investigators determine the full scope of the breach.