Iran-Linked Hackers Wipe Stryker’s Microsoft Environment in Retaliatory Cyberattack

Security experts issued warnings about potential destructive cyberattacks in retaliation for US and Israeli airstrikes on Iran two weeks ago. Those predictions materialized on Wednesday when Stryker, a global medical device manufacturer, acknowledged a cyber incident that crippled much of its infrastructure. The hacking group Handala Hack, which researchers have long associated with the Iranian government, took credit for the attack.

Initial signs of the breach emerged through social media posts and a report from the Irish Examiner. Alleged Stryker employees or their relatives posted messages online stating that workers’ phones and computers had been wiped. The Irish Examiner published a report on Wednesday morning, citing anonymous sources, which corroborated these claims. The report noted that some employees observed login pages on affected devices displaying the Handala Hack logo.

On Thursday, Stryker provided an update, describing the incident as a “global network disruption to our Microsoft environment as a result of a cyber attack.” The company clarified that responders found no evidence of ransomware or malware, which are typical causes for such outages. They believe the attack is now contained and limited to the internal Microsoft environment.

Stryker confirmed that key medical devices, including Lifepak, Lifenet, and Mako systems, remained operational. These tools are used by healthcare professionals to monitor and control heart attacks, manage and transmit patient data in real time, and perform surgeries. In a Securities and Exchange Commission filing on Wednesday, the company stated it has no timeline for restoring normal daily operations.
