Iran-Linked Hackers Target Stryker in Global Cyberattack
A cyberattack, suspected to be linked to Iran, has caused a “severe, global disruption” at Stryker, a major medical technology company based in Portage, Michigan. The attack began on Wednesday, March 11, 2026, impacting systems across the company’s global network and prompting a response from cybersecurity experts and homeland security officials.
Attack Details and Attribution
The hacktivist group claiming responsibility, known as Handala Hack Team (also referred to as It will go away), posted a statement on Telegram asserting they had forced the shutdown of Stryker offices in 79 countries and erased data from over 200,000 systems, servers, and mobile devices . The group cited a February 28 missile strike that reportedly killed at least 175 people, most of them children, as their motivation for the attack .
Cybersecurity firm Palo Alto Networks has linked Handala to Iran’s Ministry of Intelligence and Security (MOIS), identifying it as one of several online personas maintained by a MOIS-affiliated actor known as Void Manticorea . The group primarily focuses on targets in Israel, but occasionally expands its scope to serve specific agendas .
Impact on Stryker and Healthcare Providers
Stryker confirmed the cyberattack and stated its teams are working to understand the impact on its systems. The company has activated business continuity measures to continue supporting customers and partners . Employees reported receiving notifications about the disruption impacting laptops and systems connected to the company’s network .
The attack has already begun to affect healthcare providers. One healthcare professional at a major university medical system in the United States reported being unable to order surgical supplies normally sourced through Stryker, highlighting a potential supply chain disruption . Stryker is a major supplier of medical devices, and disruptions could impact surgical procedures across the U.S. .
Technical Details of the Attack
While wiper attacks typically involve malicious software overwriting data, sources indicate the perpetrators in this case appear to have used Microsoft Intune, a cloud-based service for managing device security and compliance, to issue a ‘remote wipe’ command against connected devices . Some Stryker employees were reportedly instructed to uninstall Intune .
Stryker’s Response and Ongoing Investigation
Stryker officials stated they have no indication of ransomware or malware and believe the disruption is contained . The company is committed to transparency and will provide updates as more information becomes available . The American Hospital Association (AHA) is actively exchanging information with the hospital field and the federal government to assess any potential impact on hospital operations .