New Delhi: As the US-Iran war carries on, reports suggest a major cyberattack has hit Stryker, a Michigan-based healthcare equipment giant with operations across dozens of countries. Offices shut down, devices were wiped, and employees were suddenly locked out of systems.
Workers across multiple regions started reporting wiped laptops, wiped phones, and login pages showing the logo of a pro-Iran hacking group. That is not a typical corporate IT outage.
[Image: Message posted by Iran-backed hacktivist group Handala]
Iran-linked hacktivist group claims responsibility
According to reports, an Iranian-aligned hacktivist group called Handala Hack Team has claimed responsibility for the attack. The group posted a long statement on Telegram claiming it wiped data across a massive number of systems inside Stryker’s network.
The hackers claimed that they erased information from more than 200,000 systems, servers and mobile devices linked to the company.
Stryker is a major global medical technology manufacturer headquartered in Kalamazoo, Michigan. The company sells surgical equipment and medical devices worldwide and reported $25 billion in annual sales last year.
The attack appears to have triggered major operational disruption.
News reports from Ireland say more than 5,000 workers were sent home from the company’s largest international hub. At the same time, a voicemail at Stryker’s U.S. headquarters told callers that the building was facing an emergency situation.
That combination of physical disruption and cyber chaos is rare in corporate breaches.
My office has been in contact with both Stryker as well as the Trump Administration. Early reports are connecting this attack to a group linked to Iran. If true, this continues to demonstrate the threat the Iranian regime poses to America, our allies, and our interests.
Cyber…
— Rep. Bill Huizenga (@RepHuizenga) March 11, 2026
What exactly happened inside Stryker
Early details suggest this was not a typical ransomware attack.
Instead, the attackers appear to have used a data wiping technique, which destroys information rather than holding it hostage for payment.
Employees reportedly saw their devices suddenly reset or wiped. According to a Reddit thread, workers at Stryker reported that laptops stopped working, company phones lost access, login pages showed the Handala hacking logo, and devices connected to Microsoft systems were wiped.
Many systems running Microsoft Windows inside the company’s network appear to have been affected.
One employee said their phone was completely wiped and they lost access to email accounts.
Another person wrote online that three company-managed devices were wiped at around 3:30 AM EDT.
A third employee described a messy situation where personal phones enrolled in company security tools lost data access.
“Many colleagues' phones have been wiped. Instructed to remove Intune, company portal, Teams, VPN from personal devices,” one employee posted online.
Another worker said their device lost access to an eSIM and two-factor authentication accounts.
Those comments give a glimpse of how disruptive this attack has been on the ground.
Why the hackers say they launched the attack
The Handala group claims the cyberattack was retaliation for a missile strike that hit a school in Iran on February 28.
The group’s statement accused global powers of injustice and said the stolen data would be used to expose corruption.
Part of their statement read:
“All the acquired data is now in the hands of the free people of the world.”
Cybersecurity researchers have previously linked the group to Iran’s intelligence ecosystem. Security firm Palo Alto Networks has tied Handala to actors connected with Iran’s Ministry of Intelligence and Security.
Researchers believe the group emerged in late 2023 and may be linked to an intelligence-linked hacking actor known as Void Manticore.
Stryker confirms cyber attack but gives few details
Stryker acknowledged the incident in a short statement.
The company said it detected a global network disruption in its Microsoft environment caused by a cyber attack.
The company said it does not see signs of ransomware or malware at this stage.
Stryker stated:
“We have no indication of ransomware or malware and believe the incident is contained.”
The company added that internal teams are investigating the scope of the attack and trying to restore systems.
They said business continuity plans are in place so hospitals and partners can continue receiving support.
Right now it is not clear whether hospitals that rely on Stryker products have experienced any operational impact.