On March 11, 2026, pro-Iranian hackers brought one of the world’s largest medical technology companies to its knees. Stryker, a Fortune 500 firm headquartered in Michigan with over 56,000 employees worldwide , suffered a catastrophic cyberattack that wiped devices, shut down systems across 79 countries, and sent shockwaves through the global healthcare supply chain.
Who Is Behind the Attack?
The hacker group Handala has claimed responsibility. Cybersecurity researchers, including analysts at Palo Alto Networks, have linked Handala to Iran’s Ministry of Intelligence and Security (MOIS) and describe it as an online persona of Void Manticore, a state-affiliated threat actor. The group posted a manifesto calling it an “unprecedented blow” to Stryker, framing the attack as retaliation for a U.S. missile strike on the Minab girls’ school in Tehran on February 28 , an incident that Iranian state media says killed at least 168 children. The Pentagon is currently investigating that strike.
What Happened?
According to multiple reports and employee accounts, the attackers appear to have exploited Microsoft Intune , a cloud-based device management tool , to issue a remote wipe command across all connected Stryker devices. The result was devastating:
Over 200,000 servers, mobile devices, and systems were wiped, according to Handala’s claims. Employees across the U.S., Australia, India, Ireland, and dozens of other countries were locked out of company systems. Login pages on affected devices were defaced with the Handala logo. An estimated 50 terabytes of data were allegedly stolen. Stryker’s stock fell more than 4% following news of the breach.
In a statement, Stryker confirmed: “We are experiencing a global network disruption to our Microsoft environment as a result of a cyber attack. We have no indication of ransomware or malware and believe the incident is contained.”
Why Stryker?
Handala referred to Stryker as a “Zionist-rooted corporation” in its manifesto , a likely reference to Stryker’s 2019 acquisition of Israeli medical technology company OrthoSpace. The company also holds a $450 million contract to supply medical devices to the U.S. Department of Defense, making it a high-value geopolitical target.
Real-World Healthcare Impact
This isn’t just a corporate IT crisis , it’s a healthcare emergency in the making. Stryker manufactures surgical equipment, orthopedic implants, defibrillators, and ambulance cots used in hospitals across the United States and globally. One healthcare professional at a major U.S. university medical system told KrebsOnSecurity they were already unable to order surgical supplies normally sourced through Stryker. “Pretty much every hospital in the U.S. that performs surgeries uses their supplies,” they warned.
The American Hospital Association said it is actively monitoring the situation and exchanging information with the federal government, though it has not yet confirmed supply-chain disruptions.
A Broader Warning
This attack represents what many cybersecurity experts have long feared: a nation-state adversary using a private company as a battlefield. Iran-linked groups had been relatively quiet against U.S. targets since the U.S.-Israel military campaign against Iran began in late February , but this attack signals that restraint may be over.
Joshua Corman, a cybersecurity expert focused on the health sector, put it plainly: the industry has been too focused on financially motivated attacks while underestimating the threat from adversarial nation-states with the means, motive, and opportunity to cause devastating disruptions.
As investigations continue, hospitals and healthcare providers should review supply chain dependencies on Stryker and implement contingency plans accordingly.
Thanmay Sarath is a Mensa member, ethical hacker, entrepreneur, and technologist passionate about cybersecurity and innovation. A researcher, international speaker, and published author, he works at the intersection of technology, security, and social impact, helping organizations and communities stay safe in an increasingly digital world.