US medical technology manufacturer Stryker became the target of a major cyberattack early on the morning of March 11, 2026. The Iranian hacktivist group Handala claimed responsibility, stating the attack was a response to US airstrikes on a girls' school in Iran on the first day of the US-Israeli military operation against the country.
The company's Windows systems worldwide are affected. Employees in the US, Australia, India, Ireland, and other countries reported complete outages: internal login and admin pages were overwritten with Handala's logo, and numerous servers and endpoints were wiped (wiper attack). The group claims to have attacked over 200,000 servers, systems, and employee devices, stealing approximately 50 terabytes of data.
Stryker confirmed a "global network disruption in the Windows environment" and stated that teams are working intensively on restoration. The company has contingency plans to ensure business continuity and emphasizes the continuation of customer service. In an internal memo to staff, Stryker spoke of a "severe, global disruption" affecting all laptops and systems connected to the network.
According to employee reports, the attack began around 3:30 AM EDT (9:30 AM CET). Hackers allegedly compromised administrator access, triggered operating system resets on computers and mobile devices, and completely wiped many servers. Personal devices managed with company software (Intune, Company Portal, Teams, VPN) were partially wiped, making access to emails, Teams, and two-factor authentication more difficult.
Stryker employs approximately 56,000 people worldwide and manufactures surgical instruments, imaging devices, defibrillators, hospital beds, joint replacement systems, and other medical products – including equipment used by the US military to treat the wounded. The company has long-term contracts with the US Defense Logistics Agency: a contract in 2020 worth $225 million, extended in 2025 by $450 million.
Wiper attacks are among the most destructive forms of cyberattacks. Iran was previously behind the notorious Shamoon attack on Saudi Aramco in 2012, which wiped over 30,000 systems. Similar wiping attacks have more recently been attributed to Russia in Ukraine and North Korea in the 2014 Sony hack.
The attackers also used the incident to spread political messages. This is an evolving situation; further details are expected.
