Iran Linked Hacking Group Wipes Data of U.S. Medical Device Manufacturer

[mat200]

Iran Linked Hacking Group Wipes Data of U.S. Medical Device Manufacturer
Posted By Steve Alder on Mar 12, 2026

Stryker, a U.S. medical device and medical equipment manufacturer based in Portage, Michigan, is dealing with a cyberattack linked to the current U.S. military action in Iran. The cyberattack started shortly after midnight and has caused an outage of systems across the organization. An Iran-linked hacking group has claimed responsibility for the attack.

Stryker has operations in 61 countries and has a global workforce of more than 56,000 employees. Stryker said in a filing with the U.S. Securities and Exchange Commission (SEC) that the attack has and is expected to continue to cause “disruptions and limitations of access to certain of the Company’s information systems and business applications.” Stryker is currently unable to provide a timeline for when systems and data will be recovered and when normal operations will resume.
.. ( more at link below )

cross post in the USA Iran conflict thread

On March 11, 2026, the Iran-linked hacking group Handala claimed responsibility for a massive cyberattack on Stryker Corporation that disrupted operations across 79 countries. The group alleges it extracted 50 terabytes of data and wiped over 200,000 systems, servers, and mobile devices by compromising the company's Microsoft Intune administrative console.

Attack Execution and Impact
Instead of deploying traditional malware or zero-day exploits, the attackers reportedly obtained administrative credentials for Stryker's cloud-based
Microsoft Intune
environment. They then abused legitimate remote wipe commands to factory reset enrolled laptops and smartphones globally.
NBC News +2

• Operational Paralysis: The attack paralyzed order processing, manufacturing, and shipping for the $25 billion medical technology giant.
• Workforce Disruption: Approximately 56,000 employees were impacted. In Cork, Ireland, home to Stryker's largest site outside the U.S., roughly 5,000 to 5,500 workers were sent home as systems went offline and manufacturing technology was disabled.
• Device Wiping: Employees worldwide reported that their corporate and personal (BYOD) devices—including those with Microsoft Office—were suddenly wiped, resulting in the loss of access to emails, Teams, and personal data.
• Healthcare Safety: While Stryker stated that products like Mako surgical robots and LIFEPAK defibrillators remain safe to use, the disruption to communication and ordering systems has raised concerns about critical healthcare infrastructure.

Geopolitical Context
Handala, which researchers have linked to Iran's Ministry of Intelligence and Security (MOIS), framed the assault as a retaliatory strike. The group cited a recent missile strike on an elementary school in Minab, Iran, as their primary motivation. They also described Stryker as a "Zionist-rooted corporation," potentially due to the company's 2019 acquisition of the Israeli firm OrthoSpace.
Following the initial reports, Stryker's stock (SYK) fell approximately 4% to 9%
View attachment 239894

https://www.hipaajournal.com/stryker-cyberattack-iran/

https://www.hipaajournal.com/stryker-cyberattack-iran/