Stryker has acknowledged that disruption to its operations is continuing more than a day after a cyberattack that the company and US officials have linked to Iran. The attack affected thousands of employees working across Stryker's Microsoft systems, causing what Handala, the group claiming responsibility, described as 'severe, global disruption' to the company's network.
Handala framed the attack explicitly as retaliation for a US strike on a school in Minab, Iran, which killed more than 175 people, the majority of them children. The group has previously been associated with Iranian state interests, though the precise relationship between Handala and the Iranian government has not been formally established by US authorities.
Stryker, which generates roughly $22bn in annual revenue and manufactures surgical equipment, orthopaedic implants and hospital beds, confirmed disruptions to its order management and manufacturing systems. The Wall Street Journal reported the attack represents one of the most significant Iranian cyber operations against a US company since the current conflict began.
The incident has prompted warnings across the US healthcare sector. Mass General Brigham, one of the largest hospital networks in the country, said it was on alert following the breach, underscoring concern that disruption to a major medical device supplier could have downstream consequences for patient care.
US officials and cybersecurity analysts have noted the attack marks a potential escalation in Iranian tactics, shifting from financial and government targets toward critical healthcare infrastructure. Congress has previously warned that medical device manufacturers represent a vulnerable point in US critical infrastructure given their deep integration with hospital systems.
