Stryker Global Networks Disrupted by Destructive Cyberattack Claimed by Handala
Stryker, a leading U.S. medical technology corporation, reported a massive cyberattack on March 11, 2026, that triggered a global network disruption and forced the closure of its headquarters in Portage, Michigan.
The incident was publicly acknowledged by the company after employees were instructed to vacate facilities and disconnect all devices from corporate systems. The pro-Iran hacking group Handala claimed responsibility for the breach, asserting the attack was a retaliatory measure following military strikes in Iran.
Stryker has not confirmed the threat actor's identity, but the hacktivist group's logo reportedly appeared on internal login pages during the height of the disruption.
According to Portage Public Safety, the attackers wiped data from mobile phones and computers connected to the company's infrastructure. Stryker officials stated that they found no evidence of traditional ransomware or malware, suggesting the use of destructive wiper techniques instead of a financially motivated encryption scheme. The attackers likely exploited administrative access within the cloud-based management suite to push commands to endpoint devices, leading to the widespread loss of system functionality.
The compromised data and affected assets include:
- Data on wiped endpoint devices (laptops and desktop computers)
- Mobile device management (MDM) profiles and associated phone data
- Internal network communications and Microsoft environment configurations
- Proprietary system access credentials
The number of affected individuals is not disclosed. Stryker's shares fell by more than 3% immediately following reports of the incident.
Stryker immediately shuttered its 1941 facility in Portage and issued an emergency directive for all staff to remain off the network. The company specifically advised employees to remove the "Stryker Management profile" from their work phones to halt the automated wiping process. Stryker has engaged external security experts and notified relevant authorities to investigate the scope of the intrusion. The organization claims to have contained the situation and is currently utilizing business continuity measures to maintain support for its global partners and customers.