


Perceptive Security
SOC/SIEM Consultancy

Medtech giant Stryker offline after Iran-linked wiper malware attack
Published:
11 March 2026 at 17:21:22
Alert date:
11 March 2026 at 18:02:31
Source:
bleepingcomputer.com
Ransomware & Malware, Data Breach & Exfiltration, Critical Infrastructure
Leading medical technology company Stryker was hit by a wiper malware attack claimed by Handala, an Iran-linked, pro-Palestinian hacktivist group. The attack has taken the medtech giant offline, disrupting operations. This represents a significant cyberattack on critical healthcare infrastructure by a state-linked threat actor. The use of wiper malware indicates destructive intent rather than typical ransomware operations. The attack highlights the vulnerability of healthcare organizations to geopolitically motivated cyber campaigns.
Technical details
Handala carried out a wiper malware attack against Stryker, wiping over 200,000 systems, servers, and mobile devices across the company's network. The attackers stole 50 terabytes of critical data before executing the destructive attack. Devices enrolled in the company's mobile device management system were remotely wiped. The attack began early Wednesday morning when managed Windows and mobile devices were remotely wiped in the middle of the night. The attackers also defaced the company's Entra login page to display a Handala logo. The attack disrupted access to internal services and applications, forcing some locations to revert to pen and paper workflows.
Mitigation steps:
Staff were instructed to remove corporate management and applications from their personal devices, including the Intune Company Portal, Teams, and VPN clients. Stryker is working with Microsoft to restore its systems and is treating this as a critical, enterprise-wide incident.
Affected products:
Stryker systems and devices
Windows devices
Mobile devices
Intune Company Portal
Microsoft Teams
VPN clients
Stryker Entra login page
Related links:
https://handala-hack.to/stryker-corporation-hacked/
https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/
Related CVEs:
Related threat actors:
IOCs:
Handala logo defacement on Entra login page, Remote wiping of devices enrolled in mobile device management system
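The second indicator above (remote wiping of MDM-enrolled devices) is behavioural, so it can be alerted on by counting wipe actions per initiating account in a sliding time window. The following is an added example, not part of the original alert or of any vendor tooling; the record fields (`time`, `actor`, `action`, `device`), the threshold, the window and the sample events are constructed assumptions to be mapped onto whatever the MDM audit export actually provides.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records. The field names (time, actor, action, device)
# are assumptions for illustration, not a real MDM export schema.
def _sample():
    base = datetime(2026, 1, 1, 2, 0, 0)
    # 12 wipes by one account, 20 seconds apart: the pattern to catch.
    burst = [{"time": (base + timedelta(seconds=20 * i)).isoformat(),
              "actor": "admin-a@example.test", "action": "wipe",
              "device": f"dev-{i:03d}"} for i in range(12)]
    # Isolated wipes hours apart (e.g. lost phones): must not alert.
    routine = [{"time": (base + timedelta(hours=h)).isoformat(),
                "actor": "helpdesk@example.test", "action": "wipe",
                "device": f"lost-{h}"} for h in (1, 9, 30)]
    # Non-wipe action by the same account: ignored by the detector.
    noise = [{"time": base.isoformat(), "actor": "admin-a@example.test",
              "action": "sync", "device": "dev-000"}]
    return burst + routine + noise

SAMPLE_EVENTS = _sample()

def find_wipe_bursts(events, threshold=10, window=timedelta(minutes=10)):
    """Return one alert per actor whose count of distinct wiped devices
    inside any sliding `window` reaches `threshold`."""
    wipes = sorted((datetime.fromisoformat(e["time"]), e["actor"], e["device"])
                   for e in events if e["action"] == "wipe")
    recent = defaultdict(deque)  # actor -> (time, device) pairs still in window
    alerts = {}
    for ts, actor, device in wipes:
        q = recent[actor]
        q.append((ts, device))
        while q and ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        distinct = {d for _, d in q}  # repeated wipes of one device count once
        if len(distinct) >= threshold and actor not in alerts:
            alerts[actor] = {"actor": actor, "first_seen": q[0][0],
                             "alert_time": ts, "devices": len(distinct)}
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_wipe_bursts(SAMPLE_EVENTS):
        print(alert)
```

The threshold and window should be tuned against the organisation's normal wipe volume, since the alert is only useful if it fires well before a bulk action completes.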
This article was created with the assistance of AI technology by Perceptive.
