Medical technology manufacturer Stryker disclosed a global cyberattack on March 11, 2026 affecting its Microsoft environment and disrupting operations worldwide. The Fortune 500 company stated the attack caused network disruptions but found no indication of ransomware deployment or malware installation.
Iran linked threat group Handala Hack claimed responsibility for the attack, marking a tactical shift from espionage focused operations to disruptive infrastructure attacks. Stryker provides surgical equipment, orthopedic implants, and medical devices to healthcare facilities globally, making operational disruption potentially life threatening for patients requiring urgent procedures.
Operational Impact
The attack disrupted Stryker’s Microsoft environment including email, collaboration tools, and potentially inventory management systems. While the company stated no ransomware was deployed, the infrastructure disruption affected its ability to coordinate with healthcare providers and manage medical device logistics.
Security researchers note Handala Hack’s targeting of medical infrastructure represents escalation in cyber operations linked to geopolitical tensions. Previous attacks by the group focused on intelligence gathering rather than operational disruption, suggesting evolving objectives and increased aggression.
Attribution and Response
Handala Hack publicly claimed the attack as part of its campaign targeting Western and Israeli aligned infrastructure. The group operates as part of broader Iran linked cyber operations though its exact relationship to Iranian state intelligence remains subject to analysis by security researchers.
Stryker stated the full scope of the attack and restoration timeline remain under investigation. The company is working with cybersecurity experts and law enforcement to assess the impact and implement additional safeguards. Healthcare facilities dependent on Stryker equipment were advised to implement contingency plans during the disruption.
