A pro-Iranian hacktivist group has claimed responsibility for a large-scale cyberattack on Stryker, one of the world’s biggest medical technology companies, causing a global network disruption across the company’s Microsoft environment.
Stryker is a Fortune 500 company headquartered in Michigan that specialises in surgical equipment, orthopaedic implants, and neurotechnology. The company employs roughly 56,000 people globally and posted revenues exceeding $25 billion in 2025.
What Happened
The attack shut down technology operations across Stryker’s global offices, leaving thousands of employees unable to access company systems. Staff and contractors found the logo of the hacking group displayed on their login pages, and devices, including phones, laptops, and servers connected to Stryker’s network, were wiped. Windows-based systems appear to have been particularly affected.
The group responsible, known as Handala (also called the Handala Hack Team) and assessed by security firm Palo Alto Networks as a persona maintained by Void Manticore, a group affiliated with Iran’s Ministry of Intelligence and Security, posted a lengthy claim of responsibility on social media. The attackers stated they had wiped over 200,000 systems, servers, and mobile devices, and extracted 50 terabytes of data, forcing Stryker’s offices in 79 countries to shut down.
Stryker confirmed the incident in a public statement, saying it had found no indication of malware or ransomware and believed the attack was contained to its internal Microsoft environment. The company said business continuity measures were in place to continue serving customers.
The Stated Motive
Handala described the attack as retaliation for a military strike on an elementary school in Minab, Iran, that killed more than 100 people, most of them children. A preliminary US military investigation found the United States was responsible for the strike, which appears to have been a targeting error.
The attack is considered one of the first significant pro-Iranian hacks against US infrastructure since the US and Israel launched military strikes against Iran in late February.
Healthcare Impact
The disruption had immediate downstream effects on patient care infrastructure. Maryland’s Institute for Emergency Medical Services notified hospitals across the state that Stryker’s Lifenet ECG transmission system was non-functional in most parts of the state, advising paramedics to relay cardiac data verbally to receiving hospitals by radio. Hospitals across the US were also assessing whether to disconnect Stryker equipment from their internal networks as a precaution.
The US Cybersecurity and Infrastructure Security Agency (CISA) said it was investigating the attack and working alongside public and private sector partners to provide technical assistance.
India Angle: Significant Exposure at Stryker’s R&D Hubs
India has become one of Stryker’s most strategically important technology bases — and that makes this attack particularly significant for Indian operations.
Stryker recently opened a new 140,000-square-foot R&D facility in Whitefield, Bengaluru, which complements its existing 220,000-square-foot R&D campus in Gurugram. The Bengaluru centre is focused on robotics, artificial intelligence, digital innovation, and product security, areas that sit squarely within the type of critical data and system access that was reportedly compromised.
Stryker’s India operations are headquartered in Gurugram, with regional sales offices in Mumbai, Chennai, and Kolkata, and a workforce of more than 1,000 employees in the country.
Given that the attack reportedly wiped devices across Stryker’s global Microsoft environment in 79 countries, India — with two large technology centres and a significant engineering workforce — is almost certainly among the affected geographies, though Stryker has not provided a country-by-country breakdown of the impact.
The incident is a stark reminder for Indian medtech and IT teams of the vulnerability of globally integrated corporate networks to geopolitically motivated cyber warfare. India’s own medical device sector, which has been rapidly digitising supply chains and hospital systems, faces similar exposure risks as it deepens ties with multinational medtech firms.
Broader Significance
Security experts note that targeting a medical device company — rather than a defence contractor or government agency — reflects a deliberate escalation strategy, aimed at maximising civilian disruption and reputational damage. Stryker had previously secured a $450 million contract from the US Department of Defense to supply medical devices to the military, which may have made it a symbolic target.
Since the onset of the US-Israel-Iran conflict, Handala has claimed a string of attacks, including wiping Israeli military weather servers, hacking energy companies in the Gulf, and stealing data from Western organisations.
The attack on Stryker underscores a growing reality for multinational corporations with global Microsoft-integrated environments: geopolitical conflict increasingly spills over into corporate networks, and healthcare infrastructure is no longer off-limits.
Sources: CNN, TechCrunch, SecurityWeek, Krebs on Security, Time, NewsNation, Al Jazeera, BW Healthcare World, Digital Health News