Cyberattack on Stryker Highlights Geopolitical Tensions and Security Risks

The attack involved device wipeouts and system shutdowns, disrupting operations for 5,500 employees worldwide
March 12, 2026

On Wednesday, March 11, medical device company Stryker reported a global network outage affecting its Microsoft environment. On Thursday morning, the company stated that there was no indication of ransomware or malware and that it believes the incident is contained.

According to James Rundle and Dustin Volz of The Wall Street Journal, some Stryker systems worldwide have been wiped, and employees' devices displayed a logo linked to an Iran-affiliated group.

Cormac O’Keeffe and Liz Dunphy with the Irish Examiner wrote that, according to multiple sources, systems in the Cork headquarters have been “shut down” and that Stryker devices held by employees have been wiped out. “This shutdown is having a detrimental financial impact on the company as it effectively disables the technology used to manufacture Stryker’s range of medical products and devices.”

Stryker’s 5,500 employees were prevented from accessing company systems in Ireland, the US, Australia, and India, Jonathan Greig noted for The Record. “Several cybersecurity experts said it is likely that the hackers behind the attack used the native features and tooling in Microsoft Intune to cause damage.”

“One piece of Stryker equipment apparently disrupted by the cyberattack was an IT system called Lifenet, which emergency responders use to communicate patient data to hospitals,” Sean Lyngaas reported for CNN.

Healthcare Innovation spoke with a booth representative of Stryker at the annual HIMSS Global Health Conference & Exhibition in Las Vegas, who shared that internal systems were affected, but customer-facing solutions were not.

The hacktivist group Handala claimed responsibility for the breach in a message posted on an X account purportedly affiliated with the group. In the post, the group stated that the attack was “a clear warning to all Zionist leaders and their lobbies.”

“Claims like wiping 200,000 devices and extracting tens of terabytes of data should be treated cautiously until independently verified,” Ensar Seker, CISO at SOCRadar, said in a statement. “Hacktivist groups often exaggerate operational impact for psychological effect. However, even if the scale is smaller than claimed, a wiper-style attack against a global medical technology company is serious because it targets operational continuity rather than just data theft. In the healthcare ecosystem, outages affecting device manufacturers or support systems can ripple across hospitals, supply chains, and patient care environments.”

Furthermore, Seker noted, “What makes this incident notable is the alleged use of enterprise management infrastructure to execute a destructive campaign. If attackers gained access to tools such as mobile device or endpoint management platforms, they could push destructive commands at scale across thousands of systems almost instantly. That shifts the attack from traditional ransomware or espionage into a coordinated operational disruption, which is consistent with the tactics we increasingly see in geopolitically motivated hacktivism tied to regional conflicts.”

U.S. intelligence officials have issued warnings about potential retaliation from hackers linked to Tehran in response to the U.S. and Israeli bombings of Iran that began last month, CNN’s Josh Campbell wrote earlier this week.

About the Author

Pietje Kobus-McAllister

Pietje Kobus-McAllister has an international background and experience in content management and editing. She studied journalism in the Netherlands and Communications and Creative Nonfiction in the U.S. Pietje joined Healthcare Innovation in January 2024.
