Medical device manufacturer Stryker says it is responding to a cyberattack that disrupted its internal Microsoft environment and caused a global network outage across the company.
While the firm reports no evidence of ransomware or malware, an Iran-linked hacking group has claimed responsibility and alleges it stole tens of terabytes of company data.
The Michigan-based company first disclosed the incident on March 11, 2026, stating that it was “experiencing a global network disruption” affecting its Microsoft-based systems. In a follow-up update posted shortly after midnight ET on March 12, Stryker said its teams were continuing to work on restoring internal communications and ordering systems.
According to the company, the disruption is believed to be contained within its internal Microsoft environment, and investigators have not identified signs of malware or ransomware. Stryker said its business continuity procedures remain active while engineers work to fully restore services.
The company also sought to reassure customers that its medical products remain unaffected by the attack. Systems and devices such as the Mako robotic surgery platform, Vocera clinical communication tools, and LIFEPAK 35 defibrillator systems are considered safe to use, as they are not impacted by the network disruption. Stryker added that orders placed before the incident remain visible in its systems and will be shipped once the communications infrastructure is restored, while orders submitted after the disruption are currently under review.
Stryker is one of the world’s largest medical technology companies. The firm manufactures a wide range of healthcare equipment, including orthopedic implants, surgical instruments, hospital beds, and robotic surgical systems. In 2025, the company reported more than $25 billion in revenue and said its products are used to treat over 150 million patients annually in 61 countries.
Handala, a hacking persona widely reported to have ties to Iranian state interests, publicly stated that it carried out the cyberattack against Stryker as retaliation for a recent US-Israeli military strike that reportedly killed more than 170 people at a school in the Iranian city of Minab.
According to reporting from Al Jazeera, Reuters, and the Associated Press, the attackers claim to have exfiltrated approximately 50 terabytes of company data, which they say has been released to the “free people of the world.” Stryker has not confirmed any data theft.
Employees reportedly began noticing problems shortly after midnight on the US East Coast, when Windows-based devices connected to the company’s network, including laptops and mobile devices, lost access to internal systems. Some staff also reported seeing the Handala logo displayed on corporate login portals during the incident.
Calls to Stryker’s headquarters in Portage were reportedly answered with a recorded message referring to a “building emergency,” though the company has not publicly detailed the nature of the disruption beyond its Microsoft environment.
Handala also claimed responsibility for a simultaneous attack on payments company Verifone, though Verifone has denied experiencing service disruptions.
The incident comes amid escalating geopolitical tensions and growing warnings from Iranian officials about potential cyber retaliation targeting Western economic infrastructure. State-affiliated Iranian media recently published lists of Western technology firms, including Google, Microsoft, and Nvidia, described as potential future targets.
For now, Stryker says it is continuing to investigate the attack and working to restore its electronic ordering platform. The company has advised customers that it remains safe to communicate with Stryker employees and sales representatives via email, phone, and within healthcare facilities.
Healthcare organizations that rely on vendor connectivity are generally advised to maintain contingency plans for supply chain disruptions and to ensure that internal medical systems remain segmented from external vendor networks.
Leave a Reply