Security experts had warned of potential destructive cyberattacks in retaliation for recent U.S. and Israeli airstrikes on Iran. Those predictions materialized this week when Stryker, a global medical device manufacturer, confirmed a significant network disruption. A hacking group with longstanding ties to the Iranian government has taken credit for the incident.
Initial signs of the attack emerged through social media posts and a report from the Irish Examiner. Alleged Stryker employees and their relatives described how their phones and computers had been wiped. The Irish Examiner’s Wednesday morning report, citing anonymous sources, corroborated these accounts and noted that some devices displayed the Handala Hack logo upon login. Cybersecurity researchers have tracked this group for years and identify it as aligned with Iranian state interests.
On Thursday, Stryker issued a statement acknowledging a “global network disruption to our Microsoft environment as a result of a cyber attack.” The company clarified that responders found no evidence of ransomware or malware, which are typical culprits in such outages. They believe the incident is now contained and restricted to the internal Microsoft environment.
Despite the infrastructure issues, Stryker confirmed that critical medical devices remain operational. Lifepak and Lifenet systems, used for monitoring and managing heart attacks and transmitting patient data in real time, are functioning normally. Mako devices, employed in surgical procedures, are also unaffected.
In a Securities and Exchange Commission filing on Wednesday, Stryker stated that it has no timeline for restoring normal daily operations. The company continues to assess the impact and work on recovery efforts.
