Stryker Hit by Destructive Cyberattack Linked to Iranian-Backed Group
A global medical technology firm, Stryker, suffered a devastating wiper cyberattack on Wednesday, suspected to be orchestrated by Handala Hack, a group with ties to the Iranian regime. The attack targeted the company’s Cork, Ireland headquarters, where up to 5,000 employees including 4,000 in Cork are based, crippling critical IT systems and manufacturing operations.
The National Cyber Security Centre (NCSC) in Dublin is responding to the incident, which involved the permanent deletion of data from infected systems a hallmark of wiper attacks, typically politically motivated rather than financially driven. Devices connected to Stryker’s network, including employee phones with Outlook installed, were wiped, and login screens were defaced with the Handala logo, a symbol of Palestinian resistance.
The attack has disrupted production of Stryker’s medical devices, with some manufacturing machines still operational but their long-term functionality uncertain. Staff were instructed to avoid connecting to the company’s network via any device, including mobile apps like Microsoft Teams and Outlook, while recovery efforts continue. Employees have been sent home, relying on WhatsApp groups for updates.
Stryker, which operates six manufacturing sites and three innovation centers in Ireland, is one of the country’s largest medical tech employers. The company confirmed the incident in a staff memo, stating that security experts and law enforcement are involved in the response, emphasizing that sites and personnel remain safe while efforts focus on restoring systems.
Handala Hack, linked to Iran’s cyber warfare campaigns, has recently targeted Israeli, Jordanian, and Saudi oil and gas facilities, as well as the Academy of the Hebrew Language, according to Israeli media. The Israeli National Cyber Directorate has warned of a surge in Iranian cyberattacks against civilian companies, suggesting Stryker may have been targeted due to its business ties with Israel.
The attack underscores Iran’s expanding cyber-economic warfare, extending beyond regional conflicts to global operations. With Ireland serving as Stryker’s largest hub outside the U.S., the incident highlights the growing threat of state-backed cyber sabotage in critical industries.
Source: https://www.irishexaminer.com/news/munster/arid-41808308.html
Stryker cybersecurity rating report: https://www.rankiteo.com/company/stryker
"id": "STR1773240573",
"linkid": "stryker",
"type": "Cyber Attack",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Medical Devices',
'location': 'Cork, Ireland',
'name': 'Stryker',
'size': '5,000 employees (4,000 in Cork)',
'type': 'Medical Technology Firm'}],
'data_breach': {'type_of_data_compromised': 'System data (permanently '
'deleted)'},
'date_detected': 'Wednesday',
'description': 'A global medical technology firm, Stryker, suffered a '
'devastating wiper cyberattack suspected to be orchestrated by '
'Handala Hack, a group with ties to the Iranian regime. The '
'attack targeted the company’s Cork, Ireland headquarters, '
'crippling critical IT systems and manufacturing operations. '
'The attack involved the permanent deletion of data from '
'infected systems, a hallmark of wiper attacks, and disrupted '
'production of medical devices.',
'impact': {'data_compromised': 'Permanent deletion of data from infected '
'systems',
'operational_impact': 'Disrupted production of medical devices, '
'employees sent home, reliance on WhatsApp '
'for updates',
'systems_affected': 'IT systems, manufacturing operations, '
'employee devices (Outlook, Microsoft Teams)'},
'investigation_status': 'Ongoing',
'motivation': 'Politically motivated (suspected state-backed cyber sabotage)',
'references': [{'source': 'Israeli media, National Cyber Security Centre '
'(NCSC) Dublin, Stryker staff memo'}],
'regulatory_compliance': {'regulatory_notifications': 'National Cyber '
'Security Centre (NCSC) '
'in Dublin'},
'response': {'communication_strategy': 'Staff memo, WhatsApp groups for '
'updates',
'containment_measures': 'Employees instructed to avoid '
'connecting to the company’s network via '
'any device',
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': 'Restoring systems',
'third_party_assistance': 'Security experts'},
'stakeholder_advisories': 'Sites and personnel remain safe; focus on '
'restoring systems',
'threat_actor': 'Handala Hack',
'title': 'Stryker Hit by Destructive Cyberattack Linked to Iranian-Backed '
'Group',
'type': 'Wiper Attack'}