Medical technology giant Stryker Corp. confirmed Wednesday that it is experiencing a severe global network disruption due to a cyberattack targeting its Microsoft environment, with reports linking the incident to an Iran-backed hacking group amid escalating U.S.-Iran tensions.
The company, headquartered in Portage near Kalamazoo and a major player in surgical equipment, orthopedics, neurotechnology and patient care products, issued a statement on its website acknowledging the attack.
“Stryker is experiencing a global network disruption to our Microsoft environment as a result of a cyber attack,” the company said in an update posted March 11, 2026. “We have no indication of ransomware or malware and believe the incident is contained. Our teams are working rapidly to understand the impact of the attack on our systems. Stryker has business continuity measures in place to continue to support our customers and partners. We are committed to transparency and will keep stakeholders informed as we know more.”
The disruption began early Wednesday, shortly after midnight Eastern time, affecting thousands of employees worldwide. Reports indicate that remote devices including laptops, cellphones and other Microsoft Windows-based systems connected to Stryker’s network were remotely wiped or rendered inoperable. Employees received urgent text messages alerting them to the outage, and some described login pages displaying the logo of Handala, a pro-Iranian hacktivist group.
Handala, also known as the Handala Hack Team, claimed responsibility for the attack on social media platforms including Telegram. In a lengthy manifesto, the group asserted it had delivered an “unprecedented blow” by erasing data from more than 200,000 servers, mobile devices and other systems across Stryker’s operations in 79 countries. The hackers framed the incident as retaliation for U.S. and Israeli military strikes on Iran, specifically citing a “brutal attack on the Minab school” and ongoing cyber operations against the “Axis of Resistance.”
The Wall Street Journal first reported the suspected Iran link, noting that the attack marked a significant escalation in cyber operations tied to the ongoing conflict. Cybersecurity experts described the incident as a destructive “wiper” attack rather than traditional ransomware, focusing on data deletion and system disruption instead of extortion.
Stryker, which employs approximately 56,000 people globally and reported revenue exceeding $25 billion in 2025, emphasized that no evidence of ransomware or persistent malware had been found. The company stated it was collaborating with partners, including Microsoft, to restore systems and operations. Business continuity plans were activated to minimize impacts on customer support, though the full scope of operational disruptions remained unclear as of late Wednesday.
The attack comes against the backdrop of heightened geopolitical tensions following U.S. and Israeli military actions in Iran that began in February 2026. Iran has vowed retaliation through various means, including proxy operations and cyberattacks. U.S. officials have long warned of Iranian capabilities in asymmetric warfare, including cyber intrusions targeting critical infrastructure and private sector entities.
While Stryker’s core medical devices and manufacturing appear unaffected — with no reports of direct impacts on patient care equipment like defibrillators, hospital beds or surgical tools — the outage disrupted internal communications, remote access and potentially supply chain coordination. Facilities in locations including Ireland, where Stryker has significant operations in Cork employing thousands, reported similar system shutdowns.
Stock in Stryker (NYSE: SYK) fell about 3.6% on Wednesday amid the news, reflecting investor concerns over potential recovery costs, reputational damage and broader supply chain implications in the health care sector.
This is not Stryker’s first brush with cybersecurity issues. The company has previously issued advisories on vulnerabilities affecting its products, including responses to the WannaCry ransomware campaign and KRACK wireless protocol flaws in certain beds. In 2024, Stryker disclosed a separate data breach involving unauthorized access to internal systems between May and June, notifying affected individuals and regulators. However, the current incident appears distinct, focused on corporate IT infrastructure rather than product-specific vulnerabilities or patient data.
Experts noted that wiper-style attacks, while disruptive, are less common against Western targets than espionage or ransomware. Handala has a history of claiming politically motivated operations, often aligned with Iranian interests, though attribution in cyber incidents remains challenging without forensic confirmation.
Federal authorities, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), have not publicly commented on the Stryker case as of March 12, 2026. However, the incident aligns with broader warnings about Iranian cyber threats to U.S. companies, particularly those in strategic sectors like health care.
Stryker serves more than 150 million patients annually through its portfolio of medical technologies. The company urged patience as restoration efforts continue and promised further updates. No changes to patient safety protocols or product availability have been announced.
The cyberattack underscores the vulnerability of global enterprises to state-sponsored or affiliated actors in an era of hybrid warfare. As investigations proceed, the incident may prompt renewed calls for enhanced cybersecurity defenses across the medical technology industry.