Michigan-based medical technology giant Stryker found itself at the center of a massive cyberattack on March 11, 2026, as a pro-Iranian hacking group known as Handala claimed responsibility for a global disruption that rippled through the company’s digital infrastructure. The incident, which began shortly after midnight Eastern time, led to the shutdown of Stryker’s global headquarters in Portage, Michigan, and impacted its operations in 61 countries, leaving tens of thousands of employees unable to access their computers and mobile devices.
According to The Wall Street Journal and Bloomberg, the attack was unprecedented in its scale and speed. Employees across the world received urgent text messages before 7:30 a.m. instructing them not to connect to the company’s network or use any mobile apps tied to Stryker, including Microsoft Outlook and Teams. A striking image greeted many: instead of the usual login screens, devices displayed the logo of Handala, a pro-Palestinian group linked by cybersecurity experts to Iran’s Ministry of Intelligence and Security.
Handala quickly took to its Telegram channel to claim responsibility, stating the attack was retaliation for a strike on the Minab school in Iran that killed scores of children, as well as ongoing cyber assaults on the so-called Axis of Resistance. The group boasted of wiping more than 200,000 systems, servers, and mobile devices, and claimed to have extracted 50 terabytes of data, threatening to make the information public. While these claims are difficult to independently verify, the impact on Stryker’s systems was immediate and severe.
Stryker, a global leader in medical technology founded by Dr. Homer Stryker and headquartered in Portage, employs over 56,000 people worldwide and reported $25 billion in revenue in 2025. Its products—including joint replacement implants, surgical instruments, hospital beds, and robotic-assisted surgery technology—are essential to hospitals and surgical centers around the globe. The attack raised immediate concerns about the availability and safety of medical equipment, with some production systems shut down in Ireland, home to Stryker’s largest manufacturing hub outside the United States, according to the Irish Examiner.
In a public statement, Stryker confirmed the cyberattack had targeted its Microsoft-powered environment, disrupting networks at facilities worldwide. The company emphasized, "We have no indication of ransomware or malware and believe the incident is contained." Stryker also assured stakeholders, "Our teams are working rapidly to understand the impact of the attack on our systems. Stryker has business continuity measures in place to continue to support our customers and partners. We are committed to transparency and will keep stakeholders informed as we know more."
Despite these reassurances, the real-world effects were impossible to ignore. Employees were sent home as a precaution, and the company’s Portage headquarters—normally bustling with activity—sat empty, with a sign on the door warning staff to stay off the network and disconnect all devices. In addition, Stryker advised employees to delete work profiles from their smartphones and avoid connecting to Wi-Fi until systems could be restored.
Retired Brigadier General Michael McDaniel, a former deputy assistant secretary for Homeland Defense, noted the complexity of recovery: "They may have to reconstruct certain systems and that can take, you know, a couple of days." The scale of the attack led Thomas Holt, director of Michigan State University’s Center for Cybercrime Investigation & Training, to remark, "There’s a lot of different examples of these kinds of attacks, but not one that has this extreme of a global set of effects."
The attack’s timing was no coincidence, experts say. It followed a series of U.S. and Israeli military actions in Iran on February 28, 2026, and subsequent retaliatory moves in the Middle East. Handala, which emerged around 2023, has previously targeted Israeli businesses and other entities in the region. Its ties to Iran’s intelligence apparatus have been highlighted by multiple threat intelligence firms, suggesting a broader geopolitical motive behind the Stryker breach.
U.S. Representative Bill Huizenga (R-MI) weighed in, saying, "If true, this continues to demonstrate the threat the Iranian regime poses to America, our allies, and our interests. Cyber attacks from foreign adversaries, especially Iran, exemplify why funding for the Department of Homeland Security, which has been passed by the House, should be passed by the Senate without further delay." The Trump administration, according to a White House official cited by Reuters, is monitoring the situation and coordinating a response with regulatory and law enforcement agencies. The Pentagon, for its part, declined to comment.
Cybersecurity experts warned that the attack could have been enabled by a vulnerability in Stryker’s network. Javed Ali, associate professor of practice at the University of Michigan’s Ford School of Public Policy, drew parallels to the 2014 Iranian cyberattack on Las Vegas Sands Corp., which paralyzed its networks after controversial comments by its owner. "Accessing devices and destroying data, however, represents a higher-end capability," Ali said, underscoring the sophistication of the Stryker breach.
Experts also stressed the importance of cyber hygiene. "Having that awareness for all of this is a good common-sense thing to do," Ali noted. Thomas Holt added that regular backups and up-to-date software are key defenses, and companies should have contingency plans in place. While Stryker reported no evidence that its medical equipment had been compromised, the incident served as a stark reminder of the risks facing critical infrastructure in the healthcare sector.
Financial markets reacted swiftly. Stryker’s shares fell 3.6% on the day of the attack, closing at $345.78, though they recovered somewhat in after-hours trading. The company, which holds more than 14,200 patents and claims to impact over 150 million patients annually, faces the challenge of restoring full operations and regaining the confidence of customers and partners worldwide.
As Stryker and law enforcement continue their investigation, experts caution that this may only be the beginning. "The fact that this happened suggests there has been or will be attempts against others," Holt warned. "There probably is more to come." The Stryker incident stands as a sobering testament to the growing power of state-linked cyber groups and the critical need for vigilance in an increasingly interconnected world.