Key Highlights:

• Iran-linked hacking group Handala has claimed responsibility for the Stryker cyberattack.
• The attack disrupted systems at the U.S. medical device giant operating in 61 countries.
• Early reports suggest wiper malware, which permanently deletes data instead of demanding ransom.
• Thousands of devices running Microsoft Windows may have been wiped, according to early reports.

The Stryker cyberattack has disrupted systems at one of the world’s largest medical device companies after an Iran-linked hacking group claimed responsibility. The attack reportedly limited access to some internal systems and triggered operational disruptions.

Stryker, headquartered in Portage, Michigan, confirmed the incident in a filing with the U.S. Securities and Exchange Commission. The company said some systems became unavailable and that the timeline for full restoration remains uncertain.

The company employs about 56,000 people and operates in 61 countries, making the cyber incident significant for the global medical technology sector.

However, Stryker said it currently has no indication of ransomware or malware, and it believes the situation is contained.

Still, cybersecurity experts and early reports suggest the possibility of a far more destructive type of cyberattack.

Which Hacker Group Claimed the Attack?

An Iranian-linked hacking persona known as Handala claimed responsibility for the attack through posts on its Telegram channel.

The group said the cyberattack was retaliation for U.S.-Israeli military strikes on Iran, including an alleged attack on a girls’ school in Minab in southern Iran.

According to Iran’s ambassador to the United Nations in Geneva, the strike reportedly killed about 150 students. However, independent verification of that figure has not been confirmed.

The hacking group has not responded to media requests for further comment.

Cybersecurity researchers have tracked Handala for several years. Analysts say the group has previously conducted hack-and-leak campaigns and destructive cyber operations.

Gil Messing, Chief of Staff at cybersecurity firm Check Point, described the group as one of the most prominent cyber actors linked to the Iranian regime.

Did the Attack Use Wiper Malware?

Early reports suggest the cyberattack may have used wiper malware, a destructive cyber tool designed to erase data permanently.

Unlike ransomware, which locks systems until a payment is made, wiper malware destroys files and operating systems, making recovery extremely difficult.

According to reports, remote devices running Microsoft Windows—including laptops, smartphones, and other connected systems—were reportedly wiped.

These devices were configured to connect to Stryker’s internal network. As a result, the attack may have affected thousands of employees and contractors.

If confirmed, this would mark a significant escalation in cyber tactics, because wiper malware is often used in geopolitical cyber conflicts.

How Did the Attack Affect Stryker Operations?

The network disruptions reportedly began shortly after midnight on Wednesday on the U.S. East Coast. Staff members later reported unusual login screens that allegedly displayed the logo of the hacking group. However, these claims circulating on social media could not be independently verified.

At Stryker’s global headquarters in Portage, Michigan, phone calls were answered by a recorded message stating the company was experiencing a “building emergency.”

The company has not publicly detailed which systems were affected or how production might be impacted.

Still, any prolonged disruption could affect the manufacturing and distribution of medical devices, which hospitals rely on worldwide.

How Did Markets and Authorities Respond?

Financial markets reacted quickly. Shares of Stryker (SYK) closed down 3.6 percent on Wednesday following news of the cyberattack.

Meanwhile, U.S. government agencies have not publicly confirmed the attribution of the attack.

The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have not responded to requests for comment.

However, a White House official said the administration is actively monitoring cyber threats.

The official added that the government continues coordinating responses with critical infrastructure agencies, regulators, and law enforcement.

Why Experts Say the Attack Matters

Cybersecurity experts warn that the incident may signal a broader shift toward destructive cyber retaliation. Cynthia Kaiser, senior vice president at cybersecurity firm Halcyon and a former FBI cyber official, said such attacks have long been a concern.

She described the incident as the type of cyber retaliation analysts feared could follow rising geopolitical tensions. If confirmed, the use of wiper malware would suggest attackers aimed not for financial gain but maximum operational disruption. That tactic aligns with cyber operations often associated with nation-state conflicts.

Conclusion: What the Stryker Cyberattack Signals

The Stryker cyberattack highlights how geopolitical tensions increasingly spill into cyberspace. A cyber incident affecting a global medical device company raises concerns about critical infrastructure security.

While the company says the situation appears contained, investigations are still underway. If destructive wiper malware is confirmed, the attack could mark a new phase in cyber retaliation strategies targeting major corporations.

For now, the full scope and impact of the Stryker cyberattack remain under investigation.