NBC News reported on March 11 that after the outbreak of the U.S.-Iran war, a hacker group believed to be linked to Iran claimed responsibility for a cyberattack on a U.S. medical technology company. This may be the first clearly destructive cyber operation by Iran targeting an American company since the conflict began.
Michigan-based medical device manufacturer Stryker produces a range of medical technology products, including surgical robots, emergency medical equipment, and healthcare communication systems. The company operates globally, with business across Europe, Asia, and the United States.
Iran-linked hacker group claims responsibility
The report states that a hacker group called Handala claimed responsibility for the attack on its Telegram and X accounts, continuously posting so-called “results” on social media. These accounts have repeatedly been taken down and reappeared.
Rafe Pilling, threat intelligence lead at cybersecurity firm Sophos, said the group has previously been linked by security researchers to Iranian intelligence agencies.
Handala claimed to have stolen 50TB of “critical data” from Stryker and wiped data from more than 200,000 systems, servers, and mobile devices. However, these figures have not yet been independently verified.
Success
You are now signed up for our newsletter
Success
Check your email to complete sign up
Based on publicly available information and employee feedback, the attack is likely related to the company’s Microsoft Intune system used to manage devices. Pilling explained that once hackers gain access to the management console, they can trigger the “remote wipe” function to reset devices to factory settings—a feature originally intended to protect data on lost or decommissioned devices.
Employee devices wiped, company operations halted
An anonymous Stryker employee told NBC that after the attack, company-issued work phones suddenly stopped functioning, disrupting internal communications and business collaboration.
Employees at Stryker’s Cork, Ireland facility—one of its largest operations centers outside the U.S.—also told media that “most company devices have been wiped,” leaving “almost no one able to work normally.”
The employee said: “The whole company is almost at a standstill. No one knows what really happened, and this will have a very large ripple effect.”
Stryker stated on its official website that global network outages were caused by a cyberattack targeting its Microsoft environment, but the company’s core systems were not directly breached.
The company emphasized that no ransomware or malware has been detected, and the situation is under control.
Tech outlet The Verge reported on March 11 that Stryker filed documents with the U.S. SEC, saying the “full impact” on operations and finances remains unclear, and no timeline for restoration has been established.
As of early Thursday morning Eastern Time, the company was still working to restore systems.
Stryker also said its main medical products—including the Mako surgical robot system, Vocera healthcare communication platform, and LIFEPAK 35 emergency devices—were unaffected and remain safe to use.
Signs of escalation in US-Iran cyberwar
NBC noted that since the U.S.-Iran conflict began, some Iran-backed hacker groups have claimed cyberattacks, but these were mostly limited to website defacements and symbolic actions with limited impact.
Cybersecurity firms, including Google and email security company Proofpoint, told NBC that Iranian hackers have mostly focused on war-related intelligence gathering rather than directly damaging corporate systems.
If the scale of this attack is confirmed, it may signal a shift in Iran’s cyber strategy—from intelligence collection to more destructive strikes against critical corporate infrastructure.