Stryker Corporation is in the process of restoring its internal systems following a major cyberattack that reportedly wiped thousands of employee devices. The breach, which took place on March 11, affected the company’s Microsoft-based internal network but did not compromise its internet-connected medical devices, which the firm confirmed remain safe for patient use.
The attack is seen as one of the first significant cyber incidents in the United States linked to geopolitical tensions between the United States and Iran. Operational disruptions have hampered Stryker’s ability to process orders, manufacture, and ship medical equipment, raising concerns across the global healthcare supply chain.
A pro-Iran hacking collective, identified as Handala, claimed responsibility for the breach, describing it as retaliation for a reported U.S. airstrike in Iran that resulted in civilian casualties. The group also defaced Stryker’s login portals and reportedly gained wide-ranging access to the company’s internal network, including administrative tools for managing employee devices.
Preliminary investigations suggest the hackers may have exploited an internal administrator account to access Microsoft Intune dashboards, allowing them to remotely wipe devices without deploying conventional malware. Cybersecurity analysts from Palo Alto Networks and IBM indicated that phishing attacks or stolen credentials could have been used to compromise the network.
While the full scope of the incident is still being assessed, Stryker, which employs more than 56,000 staff in over 60 countries, has not confirmed how access was initially gained or whether multi-factor authentication was in place on the compromised accounts. Experts say the attack highlights escalating cybersecurity threats to critical industries amid rising international tensions.