Back

Stryker Cyberattack Disrupts Operations, Linked to Iran-Linked Threat Actor

Severity: High (Score: 62.9)

Sources: Healthcaredive, Medtechdive, Bloomberg

Summary

On March 11, 2026, Stryker Corp., a medical technology company, suffered a cyberattack that disrupted its internal Microsoft environment, affecting order processing, shipping, and manufacturing. The attack was attributed to an Iran-linked threat actor known as Handala, which claimed to have wiped thousands of servers and stolen data. Stryker has since restored most of its manufacturing capabilities and its electronic ordering system. The company is working with government agencies and cybersecurity experts to investigate the incident. As of March 27, 2026, operations are steadily improving, but the full impact on finances and materials is still unknown. The attack also delayed medical procedures scheduled for the week of March 16. Stryker has confirmed that no malicious activity was directed towards its customers or partners. The incident highlights vulnerabilities in the medtech sector amid increasing cyber threats. Key Points: • Stryker's operations were severely disrupted by a cyberattack on March 11, 2026. • The attack was attributed to the Iran-linked group Handala, which claimed to have wiped servers. • Stryker has restored most manufacturing and its electronic ordering system as of March 27, 2026.

Key Entities

  • Handala (apt_group)
  • Phishing (attack_type)
  • Intuitive Surgical (company)
  • Stryker (company)
  • Iran (country)
  • T1059 - Command And Scripting Interpreter (mitre_attack)
  • T1566 - Phishing (mitre_attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed