Iranian-Linked Hackers Strike US Medical Tech Giant Stryker in Global Cyber Attack

A major cyber attack has crippled the global operations of Stryker, a prominent US medical technology company, leaving thousands of employees worldwide unable to work and raising concerns about the vulnerability of critical healthcare infrastructure to state-sponsored hackers.

The attack, which allegedly occurred overnight, has affected all Stryker operations across Europe, Asia, and the United States. The company’s IT systems remain offline, with most work devices—including personal phones with Stryker work profiles—reportedly wiped by the cybercriminals.

Stryker employs more than 56,000 people globally and operates in 61 countries. The company’s Cork, Ireland facility, where 4,000 people are employed, serves as its largest site outside the United States and has been among the hardest hit by the disruption.

In a message to staff, Stryker stated: “We are experiencing a severe, global disruption impacting all Stryker laptops and systems that connect to our network.”

A separate update sent to colleagues in Asia read: “At this time, the root cause has not yet been identified. We are actively engaged with Microsoft and treating this as a critical, enterprise-wide incident.“

Sources indicate that Handala, a pro-Palestinian Iranian-backed hacker group, is the likely culprit behind the attack. The group has previously targeted companies based in Israel and is believed to have connections to Tehran.

“Nobody can work. The entire company has been brought to a standstill. Nobody has any idea what is going on. This is going to have a huge knock-on effect.”

The timing of the attack is particularly concerning, coming just two days after Stryker launched its SmartHospital Platform on March 9—a system designed to connect devices, data, and care teams in hospitals. The new platform’s emphasis on digital interconnectedness may have expanded the company’s attack surface, though no direct link has been established.

The incident occurs against a backdrop of escalating tensions in the Middle East. A translated post from a public Telegram board attributed to a Quds Force spokesman warned that US banks and economic centers would be “next targets,” advising people to stay outside a one-kilometer radius of such facilities.

“Americans should expect our retaliatory and painful response,” the message stated, referring to what it described as an attack on Iranian banking infrastructure.

Stryker has a documented history of addressing cybersecurity vulnerabilities, with past advisories covering threats including WannaCry, Log4j, and KRACK. The company maintains a Coordinated Vulnerability Disclosure Process for reporting medical device vulnerabilities, typically responding within five business days.

The Gardai and Stryker have been contacted for comment. Microsoft has not yet issued a public statement regarding its involvement in the incident response.