US medical tech firm Stryker hacked, pro-Iran group claims credit

Washington – A cyberattack against US medical technology maker Stryker crippled the company’s global operations, according to a person familiar with the matter and a memo seen by Bloomberg News.

A pro-Iranian digital activist group, Handala, has claimed credit for the incident, potentially marking the first known major cyberdisruption of an American organisation since joint US-Israeli strikes against Iran. Neither the company nor any cybersecurity agency has confirmed that an Iranian group was behind the incident. 

Many Stryker employees worldwide are unable to work and have been sent home from offices and told to avoid connecting to any Stryker networks or software on any device, according to the person. Some employees have also seen data on their devices wiped as a result of the attack, the person added.

Shares of Stryker were down as much as 5.3 per cent after the Wall Street Journal reported on the matter.

“Stryker is experiencing a global network disruption to our Microsoft environment as a result of a cyberattack,” a company spokesperson said in a statement. 

“We have no indication of ransomware or malware and believe the incident is contained,” the spokesperson added.

“Our teams are working rapidly to understand the impact of the attack on our systems. Stryker has business continuity measures in place to continue to support our customers and partners.” 

Neither the Federal Bureau of Investigation nor the US Cybersecurity and Infrastructure Security Agency responded to inquiries.

The Trump administration proactively monitors for potential cyberthreats, and regulators and law enforcement entities are available for any response measures, according to a White House official, who declined to be identified to discuss the matter and did not specifically address Stryker’s case.

Stryker manufactures a wide range of medical devices and equipment with a focus on orthopaedics, surgical tools, neurotechnology and spinal products, including emergency services and intensive care disposable equipment, according to the company’s website.

Most of its products are marketed directly to doctors, hospitals and other healthcare facilities and are available in more than 61 countries, according to the company’s filings. 

Stryker generates about US$25 billion (S$31.9 billion) in revenue annually and has a market valuation of about US$131 billion. 

Handala claimed responsibility for the attack in a statement posted online on March 11. The group portrayed its alleged actions as retaliation for a suspected US bombing of an Iranian school and threatened a “new chapter in cyberwarfare”.

Mr Sergey Shykevich, threat intelligence group manager at the Israeli cybersecurity firm Check Point Software Technologies, said: “Critical healthcare infrastructure represents a high-value, high-impact target: disruption doesn’t just mean data loss, it can mean patient safety.”

The attack unfolded dramatically, beginning around midnight US Eastern time, when workers saw systems go down in front of them one at a time.

Once they realised what was happening, employees scrambled to unplug some machines to save data, according to the person. The effort was frantic and had mixed results. In some offices, as many as 95 per cent of the computers and devices were wiped, the person said.

Handala suggested it had attacked Stryker because it had connections to Israel. In 2019, Stryker acquired the Israeli company OrthoSpace. Stryker has also previously worked with the US military: in 2025, it won a US$450 million contract to supply medical devices to the US Department of Defense. BLOOMBERG