The article describes a disruptive cyberattack claimed by the Iran-linked Handala group against Stryker, involving network disruption and potential data wiping of over 200,000 systems, reportedly in retaliation for geopolitical events. The attack vector and technical method are not detailed, and no CVE, CVSS score, affected software versions, fixed versions, or specific workarounds are provided in the source material. This incident represents a significant escalation, highlighting the direct targeting of critical US healthcare infrastructure by a nation-state-aligned actor.
Cyber-crime Iran-linked cyber crew says they hit US med-tech firm Meanwhile, Verifone says 'no evidence' to support the digital intruders' claims Jessica Lyons Wed 11 Mar 2026 // 20:40 UTC A hacking crew with ties to Iran's intelligence agency claimed to be behind a global network outage at med-tech firm Stryker on Wednesday, and said the cyberattack was in response to the US-Israel airstrikes. If true, the incident would mark a major escalation in the war's cyber component , and could be the first destructive cyberattack linked directly to the current war to hit a major US company. In a Wednesday statement , Stryker said it was "experiencing a global network disruption to our Microsoft environment as a result of a cyber attack," adding that there is no indication of a ransomware infection or any other type of malware deployment. Initial reports from Irish news outlets indicated that Stryker employees' devices , including their personal phones, were wiped in the attack. The medical equipment maker said that it believes the security incident has been contained, and continues investigating the impact on its systems. Stryker did not immediately respond to The Register 's questions about the cyberattack, including whether Handala, an Iranian hacktivist group believed to be a front for the Ministry of Intelligence and Security (MOIS) , was responsible for the incident. "If accurate, Handala's alleged disruptive attack on Stryker marks a significant escalation - this is the first time this Iranian-backed threat actor has disruptively targeted a major US enterprise," Check Point Research threat intelligence group manager Sergey Shykevich told The Register . "The fact that they've set their sights on a major medical device company is particularly alarming," Shykevich added. "Critical healthcare infrastructure represents a high-value, high-impact target: disruption doesn't just mean data loss, it can mean patient safety. This should serve as a wake-up call for the entire medtech sector to urgently reassess their threat landscape - nation-state actors are no longer someone else's problem." Handala, in a lengthy post on its now-deleted Telegram channel and also shared on X, claimed it wiped more than 200,000 systems and servers, and stole 50 TB of "critical data." The group said the hack was "in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure of the Axis of Resistance." Cybercrime isn't just a cover for Iran's government goons - it's a key part of their operations Iran's cyberwar has begun Iran intelligence backdoored US bank, airport, software outfit networks Iran is the first out-loud cyberwar the US has fought At least 175 people, most of them children, were reportedly killed in what appears to have been a Tomahawk missile strike on an Iranian elementary school in Minab when the US military may have mistakenly targeted the area. The school was adjacent to, and may once have been part of, an Iranian military compound. The crew also claimed to have breached payment device maker Verifone, and released screenshots (seen by The Register ) that appeared to show the company's internal systems with a Handala Hack logo overlay. Verifone, in a statement to The Register , refuted the hacktivists' claims. "We have observed recent allegations on March 11, 2026 from threat actors claiming an intrusion into our systems in Israel," a Verifone spokesperson said. "Verifone has found no evidence of any incident related to this claim and has no service disruption to our clients." ® Share More about Iran Security More like these × More about Iran Security Narrower topics 2FA Advanced persistent threat Application Delivery Controller Authentication BEC Black Hat BSides Bug Bounty Center for Internet Security CHERI CISO Common Vulnerability Scoring System Cybercrime Cybersecurity Cybersecurity and Infrastructure Security Agency Cybersecurity Information Sharing Act Data Breach Data Protection Data Theft DDoS DEF CON Digital certificate Encryption End Point Protection Exploit Firewall Google Project Zero Hacker Hacking Hacktivism Identity Theft Incident response Infosec Infrastructure Security Kenna Security NCSAM NCSC Palo Alto Networks Password Personally Identifiable Information Phishing Quantum key distribution Ransomware Remote Access Trojan REvil RSA Conference Software Bill of Materials Spamming Spyware Surveillance TLS Trojan Trusted Platform Module Vulnerability Wannacry Zero trust Broader topics EMEA More about Share POST A COMMENT More about Iran Security More like these × More about Iran Security Narrower topics 2FA Advanced persistent threat Application Delivery Controller Authentication BEC Black Hat BSides Bug Bounty Center for Internet Security CHERI CISO Common Vulnerability Scoring System Cybercrime Cybersecurity Cybersecurity and Infrastructure Security Agency Cybersecurity Information Sharing Act Data Breach Data Protection Data Theft DDoS DEF CON Digital certificate Encryption End Point Protection Exploit Firewall Google Project Zero Hacker Hacking Hacktivism Identity Theft Incident response Infosec Infrastructure Security Kenna Security NCSAM NCSC Palo Alto Networks Password Personally Identifiable Information Phishing Quantum key distribution Ransomware Remote Access Trojan REvil RSA Conference Software Bill of Materials Spamming Spyware Surveillance TLS Trojan Trusted Platform Module Vulnerability Wannacry Zero trust Broader topics EMEA TIP US OFF Send us news