Iran-Linked Hackers Target Medical Device Maker Stryker
A suspected Iran-linked cyberattack disrupted global operations at Stryker Corporation, one of the largest medical device manufacturers in the United States, highlighting growing concerns that geopolitical tensions are increasingly spilling into cyberspace.
The Michigan-based company confirmed that a cyber incident affected its corporate network environment, causing widespread disruption to internal systems used by employees across the organization. Stryker said the attack impacted parts of its Microsoft-based infrastructure, limiting access to certain systems while the company worked to contain the incident and restore operations.
Stryker employs approximately 56,000 people across 61 countries and manufactures a range of medical technologies, including surgical robotics, orthopedic implants, and hospital equipment. The company reported more than $25 billion in revenue in 2025, making it one of the largest global suppliers in the healthcare technology sector.
Iran-Linked Hacker Group Claims Responsibility
A hacking group known as Handala, which cybersecurity researchers have previously linked to Iranian intelligence operations, claimed responsibility for the attack in messages posted on social media and messaging platforms.
The group alleged it had disrupted Stryker’s network as retaliation for geopolitical events involving Iran and the United States. The hackers claimed they wiped hundreds of thousands of devices and exfiltrated roughly 50 terabytes of corporate data, although those claims have not been independently verified.
Images circulating online appeared to show the group’s logo displayed on some company login screens during the incident, suggesting attackers may have gained access to parts of the organization’s device management systems.
Security analysts say the tactics described in early reports could indicate attackers leveraged enterprise device management tools to remotely disable or wipe systems, a method that can cause significant operational disruption without deploying traditional ransomware.
Operational Disruption Across Corporate Systems
Stryker said the cyberattack disrupted internal operations, including access to systems used for processing orders, manufacturing, and logistics.

The company stated that while corporate systems were affected, there was no evidence of ransomware or malware, and early investigations suggested the incident had been contained.
Stryker also emphasized that patient-facing technologies and connected medical devices were not impacted by the attack.
Despite those assurances, the disruption affected employees’ ability to access corporate networks, email, and internal systems, forcing the company to implement contingency procedures while restoring affected infrastructure.
Following reports of the attack, Stryker shares fell roughly 3–4% in trading, reflecting investor concerns about potential operational and financial impacts.
Cyber Conflict Expands Alongside Geopolitical Tensions
Cybersecurity experts say the attack reflects a broader pattern in which geopolitical conflicts increasingly manifest in cyberspace.
Iran has invested heavily in offensive cyber capabilities and has historically used proxy hacking groups to target government agencies, infrastructure providers, and private companies in the United States and allied countries.
The Handala group, active since 2023, has previously targeted organizations in Israel and across the Middle East and is widely believed by analysts to operate as a deniable front for Iranian intelligence services.
While the exact role of Iranian government entities in the Stryker attack has not been confirmed, U.S. officials and cybersecurity researchers have warned that Iranian-aligned groups may expand cyber operations during periods of geopolitical escalation.
Critical Supply Chains Increasingly Targeted
The targeting of a major medical technology manufacturer also underscores a growing shift in cyber operations toward industrial and supply-chain disruption rather than direct attacks on hospitals or patient systems.
Medical device companies like Stryker sit at the center of healthcare supply chains, supporting hospitals and healthcare providers worldwide. Disruptions to corporate systems could affect manufacturing, shipping, and equipment delivery.
Security experts say such attacks can create outsized ripple effects without directly compromising patient data or medical devices.
Investigation Ongoing
Stryker said it is continuing to investigate the full scope of the incident and is working with cybersecurity experts to restore affected systems and strengthen defenses.
The company has not publicly attributed the attack to any specific group and declined to comment on the claims made by Handala.
As geopolitical tensions continue to intensify, analysts warn that cyber operations targeting critical industries — including healthcare, manufacturing, and infrastructure — may become increasingly common.