TLDR
- Iranian-affiliated cyber group Handala took credit for launching a cyberattack against Stryker on March 11, 2026
- The medical device company experienced widespread network failures, losing access to critical systems and business platforms
- Handala asserts they destroyed data on more than 200,000 devices and stole 50TB of information, framing it as payback for the Minab school attack in Iran
- The company has stated no ransomware or malicious software was found and considers the breach controlled
- Shares of SYK fell 3.6% on Wednesday as the cyberattack news broke
Medical technology company Stryker, headquartered in Michigan, suffered a damaging cyberattack on March 11 that disabled significant portions of its worldwide network infrastructure and triggered a 3.6% decline in share value.
In an SEC filing, the corporation disclosed that the security breach severed connections to multiple information technology systems and critical business platforms. No recovery timeframe was provided.
Employees and external contractors shared on social platforms that an Iranian-affiliated hacking collective’s emblem was displayed across company login screens. Those attempting to reach the Portage, Michigan corporate office encountered an automated message indicating the facility was “currently experiencing a building emergency.”
According to Stryker’s statement, no ransomware or harmful software has been identified, and management believes the security incident has been successfully isolated. However, the disruption proved substantial enough to impact operations at its Cork, Ireland manufacturing site — home to over 4,000 workers — along with additional locations in Limerick and Belfast.
The Iran-associated Handala collective announced their involvement through Telegram and X social channels. The organization characterized the assault as retaliation for the strike targeting the Minab girls’ school in southern Iran, which Iranian authorities claim resulted in approximately 150 student deaths on February 28, the initial day of coordinated U.S.-Israeli military operations against Iran. Reuters has not independently confirmed this casualty count.
Handala asserted they eliminated data from over 200,000 systems, servers and mobile devices, while exfiltrating 50TB of corporate information. They additionally claimed Stryker locations spanning 79 nations were compelled to cease operations. The company has not verified these particular assertions.
What Happened on the Ground
According to The Wall Street Journal, system failures commenced shortly after midnight Eastern time on Wednesday, cascading across global operations from that point. Remote Windows-based equipment — encompassing laptops and smartphones linked to Stryker’s infrastructure — experienced complete data erasure.
Cynthia Kaiser, formerly a senior FBI cyber official and currently with Halcyon, stated: “This is exactly the type of attack we have been worried about: Iranian proxies using destructive cyber attacks like data deletion against U.S. companies to retaliate.”
Handala possesses an established history of cyber operations. Check Point, an Israeli cybersecurity company, released research Tuesday connecting the collective to numerous hack-and-leak campaigns and destructive operations featuring data obliteration.
Gil Messing, Chief of Staff at Check Point, identified the collective as operating under Iran’s Ministry of Intelligence and labeled them “the most notorious group affiliated with the Iranian regime.” He indicated that publicly acknowledging the assault represents “a new phase in Iran’s motivations.”
White House and Verifone
White House officials confirmed the Trump administration is “proactively monitoring potential cyber threats” and maintaining coordination with critical infrastructure entities and law enforcement organizations. Neither the FBI nor CISA provided responses to media inquiries.
Subsequent to the Stryker incident, Handala announced another attack targeting Verifone, an Israeli financial technology firm. Verifone rejected this claim, asserting investigators discovered no signs of system compromise and client services remained uninterrupted.
Ken Sheehan, director of operations at Smarttech247, observed that Handala’s primary intrusion technique continues to be phishing campaigns and recommended organizations enhance cybersecurity awareness education.
Stryker maintains a workforce of approximately 56,000 employees distributed across 61 nations and generated over $25 billion in revenue during the previous year.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
