Pro‑Iran Hackers Claim Massive Cyberattack on Medical Giant Stryker
Handala says it wiped 200,000 systems, stole 50TB of data, and disrupted emergency services in a global cyber retaliation campaign
As the war in the Middle East continues into a third week, an Iran-linked hacking group has claimed responsibility for a sweeping cyberattack against U.S.-based medical device manufacturer Stryker, framing the breach as retaliation for recent military strikes against Iran by the United States and Israel, reports The Dallas Express.
The group, known as Handala, presents itself as pro‑Palestinian but is widely viewed by cybersecurity experts as operating in alignment with Iranian government interests, said the Express.
On Wednesday, Handala said it targeted Michigan‑based Stryker, alleging it wiped more than 200,000 servers, mobile devices, and other systems, stole 50 terabytes of data, and forced the shutdown of offices in 79 countries.
“We announce to the world that, in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure of the Axis of Resistance, our major cyber operation has been executed with complete success,” the group said in a statement cited by Wired. “This is only the beginning of a new era of cyber warfare.”
Stryker, a Fortune 500 company that manufactures surgical equipment, orthopedic implants, and neurotechnology used by more than 150 million patients worldwide, confirmed it experienced a cyber incident affecting its Microsoft environment.
“Stryker is experiencing a global network disruption to our Microsoft environment as a result of a cyber attack,” the company said in a March 11 statement. “We have no indication of ransomware or malware and believe the incident is contained.”
Employees and contractors reported seeing the Handala logo displayed on login pages, with phones, laptops, and Windows systems particularly affected. Stryker instructed workers not to power on company devices and to disconnect from all networks.
In subsequent updates, the company said the disruption remained limited to internal systems and emphasized that key products—including the Mako robotic surgical system, Vocera communication devices, and the LIFEPAK35 cardiac monitor and defibrillator—were safe to use. Stryker added that business continuity measures were in place to support customers.
Users on Reddit reported device failures across multiple countries, with one post claiming several Stryker‑managed devices were wiped overnight and had their login pages defaced.
The outage also affected emergency medical services in at least one U.S. state. Maryland officials warned hospitals that Stryker’s Lifenet electrocardiogram transmission system was largely non‑functional, forcing EMS clinicians to rely on radio communication. Authorities said patient care was not impacted.
Stryker shares fell more than 3% following reports of the breach. The company employs about 56,000 people and reported more than $25 billion in revenue in 2025.
On the same day, Handala also hacked the Academy of Hebrew Languages website, posting a threatening message in English, as part of a broader surge in cyberattacks targeting Israeli infrastructure.