TLDR
- A cyberattack on Stryker occurred March 11, 2026, with Iran-affiliated group Handala taking credit for the breach
- The medical device company experienced widespread network disruptions affecting systems and applications globally
- Hackers assert they erased data on 200,000+ devices and stole 50TB of information, framing it as revenge for the bombing of a school in Iran
- Company officials confirmed no ransomware or malware was found and state the breach appears isolated
- Shares of SYK declined 3.6% Wednesday as news of the security incident spread
A major cyberattack disrupted Stryker’s operations worldwide on March 11, causing the Michigan-headquartered medical technology company’s shares to fall 3.6% as investors reacted to the security breach.
In a regulatory filing submitted to the SEC, the corporation disclosed that the incident resulted in loss of access to certain information technology systems and key business platforms. The company did not specify when services would be fully restored.
Employees and third-party workers posted on social platforms that login screens displayed imagery associated with an Iranian hacking collective. Phone calls to the company’s Portage, Michigan corporate office were answered with an automated message stating a “building emergency” was in progress.
According to Stryker’s statement, investigators detected no ransomware or malicious software and the company maintains the security event has been successfully contained. However, the impact reached multiple international locations, including the Cork, Ireland manufacturing facility — home to over 4,000 workers — plus operations in Limerick and Belfast.
The Handala hacking group, which has ties to Iran, announced via Telegram and X that it orchestrated the attack. The collective characterized the operation as payback for an airstrike on a girls’ school in Minab, southern Iran. Iranian authorities claim approximately 150 students perished in the incident on February 28, the opening day of coordinated U.S.-Israeli military action against Iran. This casualty count remains unverified by Reuters.
Handala asserts it destroyed data on over 200,000 computers, servers, and smartphones while exfiltrating 50TB of corporate information. The group further stated that Stryker locations spanning 79 nations were compelled to cease operations. The company has not publicly validated these particular assertions.
What Happened on the Ground
According to Wall Street Journal reporting, system failures commenced shortly after midnight Eastern Standard Time Wednesday and cascaded globally. Remote Windows-based equipment — laptops and mobile devices linked to corporate infrastructure — underwent complete data erasure.
Cynthia Kaiser, formerly a senior FBI cybersecurity official and currently with Halcyon, commented: “This is exactly the type of attack we have been worried about: Iranian proxies using destructive cyber attacks like data deletion against U.S. companies to retaliate.”
The Handala collective has an established history of malicious activity. Check Point, an Israeli cybersecurity company, released research Tuesday documenting the group’s involvement in numerous hack-and-leak campaigns and destructive operations involving data wiping.
Gil Messing, Check Point’s Chief of Staff, identified the organization as operating under Iran’s Ministry of Intelligence and described it as “the most notorious group affiliated with the Iranian regime.” He characterized the group’s public acknowledgment of this attack as indicating “a new phase in Iran’s motivations.”
White House and Verifone
White House representatives stated the Trump administration is “proactively monitoring potential cyber threats” while maintaining coordination with critical infrastructure operators and law enforcement organizations. Neither the FBI nor CISA provided responses to media inquiries.
After targeting Stryker, Handala announced another operation against Verifone, an Israeli financial technology firm. Verifone denied the claim, stating investigators discovered no signs of unauthorized access and customer services remained uninterrupted.
Ken Sheehan, director of operations at Smarttech247, observed that Handala primarily relies on phishing tactics and recommended organizations strengthen cybersecurity training programs for personnel.
Stryker employs approximately 56,000 people across 61 nations and generated over $25 billion in revenue during the previous fiscal year.


