Iranian Hackers Claim Major Cyberattack on US Medical Giant Stryker
Iranian Hackers Attack US Medical Equipment Firm Stryker

Iranian Hackers Claim Major Cyberattack on US Medical Giant Stryker

Hackers linked to Iran have taken responsibility for a significant cyberattack targeting Stryker, a major US-based medical equipment manufacturer, causing widespread system disruptions across its global operations. The attack occurred on Wednesday, March 11, 2026, leaving thousands of employees unable to access company systems according to multiple reports.

Handala Group Claims Retaliatory Strike

The Iranian-linked hacker group Handala claimed responsibility for the attack through social media posts, describing it as retaliation for what they called "the brutal attack on the Minab school" and in response to ongoing cyber assaults against infrastructure of the Axis of Resistance. The group specifically targeted Stryker, labeling it a "Zionist-rooted corporation" and "one of the key arms of the global Zionist lobby."

Following the attack, Handala's logo appeared on Stryker company login pages, according to the Wall Street Journal. The group claimed to have wiped over 200,000 systems, servers, and mobile devices while extracting 50 terabytes of critical data, which they subsequently released to the public.

Background and Corporate Connections

The Minab school attack referenced by Handala occurred during the opening US and Israeli military action in Tehran, resulting in at least 175 deaths, most of them children. A US military investigation determined President Donald Trump's attack caused the destruction, though Trump himself has refused to accept responsibility.

Stryker's connection to Israel through its 2019 acquisition of medical technology company OrthoSpace appears to have made it a specific target for the Iranian hackers. The Michigan-based company reported $25 billion in global sales in 2025 and is a major supplier to hospitals across the United States.

Company Response and Industry Impact

Stryker addressed the cyberattack in a statement posted to its website, acknowledging "a global network disruption to our Microsoft environment as a result of a cyber attack." The company stated it had no indication of ransomware or malware and believed the incident was contained, with teams working to understand the impact on systems.

"Stryker has business continuity measures in place to continue to support our customers and partners," the company said. "We are committed to transparency and will keep stakeholders informed as we know more."

Healthcare professionals expressed concern about potential supply chain disruptions, with one anonymous source telling KrebsonSecurity that "pretty much every hospital in the US that performs surgeries uses their supplies." However, John Riggi, national advisor for the American Hospital Association, reported no immediate supply-chain disruptions stemming from the attack.

Employee Instructions and Broader Context

Following the attack, Stryker employees were reportedly instructed not to log on to their computers or connect to any company mobile apps. A text message sent to employees stated, "We are experiencing a severe, global disruption impacting all Stryker laptops and systems that connect to our network," according to WOOD-TV.

The cyberattack occurred just one day after FBI Director Kash Patel announced his agency was working "24/7" to stay ahead of potential cyber threats, implementing what he described as a sweeping cyber strategy pursuant to President Trump's "Cyber Strategy for America."

Handala's Threats and Symbolism

In their statement, Handala threatened further cyberattacks, declaring, "The era of the 'Epstein' rings and the demons of our time is over. 'Nimrod of this era,' even if you close your windows, we will build our nests everywhere. Get ready for the mosquito..." The reference to Nimrod, a Biblical figure associated with rebellion against God and sometimes linked to the Tower of Babel, adds symbolic weight to their threats.

The group claimed all acquired data was now "in the hands of the free people of the world, ready to be used for the true advancement of humanity and the exposure of injustice and corruption."

As of the latest reports, the full impact of the cyberattack on Stryker's operations and the broader medical supply chain remains under assessment, with the company maintaining its business continuity measures while investigating the extent of the breach.