MedTech Giant Stryker Crippled by Iran-Linked Hacker Attack

Stryker was targeted by the Handala group, which claims to have wiped more than 200,000 of the company’s devices.

By Eduard Kovacs | March 11, 2026 (12:18 PM ET)

Medical technology giant Stryker has been targeted by a highly disruptive cyberattack carried out by an Iran-linked hacker group.

Stryker is a Fortune 500 company that specializes in the manufacturing of surgical equipment, orthopedic implants, and neurotechnology. Headquartered in Michigan, the company employs approximately 56,000 people and reported over $25 billion in revenue for 2025. Its critical role in the healthcare supply chain makes it an essential partner for hospitals worldwide.

The Iran-linked hacker group named Handala has taken credit for the attack, claiming to have struck an “unprecedented blow” to the company. The hackers claim to have wiped more than 200,000 servers, mobile devices, and other systems, forcing Stryker to shut down offices in 79 countries. They also allegedly stole 50TB of data from the company’s systems.

Handala has been highly active since the start of the US-Israel-Iran conflict.

The Wall Street Journal reported [paywalled] on Wednesday that Stryker has confirmed dealing with a cyber incident that resulted in a global outage, with staff and contractors seeing the Handala logo on login pages.

The attack reportedly wiped phones, laptops, and other devices configured to connect to Stryker’s network. Windows systems appear to have been hit particularly hard.

Stryker advised workers not to turn on company devices and to disconnect from all networks immediately, WSJ reported.

SecurityWeek has reached out to Stryker for comment and will update this article if the company responds.

The Handala group has been closely monitored by cybersecurity firms tracking activity surrounding the US-Israel-Iran war.
On the surface, Handala is a hacktivist group aligned with pro-Palestinian and anti-Israeli sentiment. However, many in the cybersecurity community believe it’s a front for Void Manticore, a threat actor sponsored by the Iranian government.

The hackers are known for phishing, data theft, extortion, and destructive attacks involving custom wiper malware. Threat intelligence company Flashpoint reported that the group has also been involved in information operations and psychological warfare.

Since the start of the Iran war, Handala has claimed to have wiped Israeli military weather servers, intercepted security feeds in Jerusalem, stolen and wiped data from the systems of various companies, doxxed Israeli intelligence officers, and hacked an Israeli oil and gas exploration company.

The group often boasts about its alleged achievements on its Telegram and X accounts, but its claims are often difficult to verify.

Written By Eduard Kovacs

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
The Iran-linked threat actor Handala, likely a front for state-sponsored group Void Manticore, executed a highly destructive cyberattack against Stryker using custom wiper malware. The attack vector involved phishing and resulted in the wiping of over 200,000 servers and devices, primarily Windows systems, and the theft of 50TB of data, causing a global operational outage. Stryker advised employees to immediately disconnect company devices from all networks and not power them on.