Responsibility for the incident has been claimed by the hacking group Handala, which is believed to have links to Iran. In a statement released online, the group said it had carried out a large-scale cyber operation targeting Stryker’s global network, alleging it wiped more than 200,000 systems and extracted approximately 50 terabytes of data.
Handala said the cyberattack was carried out in retaliation for recent military strikes on Iran and what it described as attacks against groups aligned with the “Axis of Resistance.” The group also referenced an incident it called the “attack on the Minab school” in its statement.
According to the hackers, Stryker offices in 79 countries were affected and the data taken during the breach had been released to “the free people of the world.” The group also warned that further cyber operations could follow, describing the attack as the start of “a new chapter in cyber warfare.”
Cybersecurity specialists say they have been monitoring increased activity from the group in recent weeks. Ken Sheehan, Director of Operations at Smarttech247, said threat intelligence teams have observed a surge in cyber operations linked to Handala since tensions escalated in the Middle East.
“Our threat intelligence team has been tracking increased activity from the Handala group since the current crisis began,” Sheehan said. “There are now reports linking them to attacks on at least one organisation with operations in Ireland, which is concerning.”
He added that businesses have been warned of heightened cyber risks as geopolitical tensions rise, with infrastructure and service providers seen as likely targets due to the potential for widespread disruption.
Stryker, headquartered in Kalamazoo, Michigan, is one of the world’s largest medical technology companies. The firm employs around 56,000 people globally and reported revenues of more than $25 billion in 2025. Its products include orthopedic implants, surgical tools, hospital beds and robotic surgery systems.
Reports indicate the disruption began shortly after 4pm, when devices connected to the company’s network began experiencing outages. According to sources cited by the Wall Street Journal, Windows-based systems, including laptops and mobile devices linked to Stryker’s infrastructure, were remotely wiped.
Images shared online appeared to show the Handala logo displayed on affected login screens.
An internal notice reportedly described the incident as a “severe global disruption” across the company’s Windows environment, impacting both servers and client devices. Stryker has since engaged Microsoft to assist with the ongoing investigation.
Sources: RTÉ, The Journal
