News

Hackers linked to Iran have claimed responsibility for the cyberattack on medical technology giant Stryker

An Iran-linked hacker group has claimed responsibility for a cyberattack on Stryker, a Michigan-based company that produces medical equipment and healthcare technology used around the world. Stryker employs about 56,000 people and operates in more than 60 countries, making it one of the largest medical technology companies in the world.

Stryker disclosed the incident in a filing with the US Securities and Exchange Commission, saying the disruption affected parts of the company. Microsoft environment Investigators are working to determine the full scope.

The incident appears to be one of the most significant cyber incidents associated with Current conflict yet.

Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – for free when you join my site CYBERGUY.COM Newsletter.

A researcher wearing Stryker medical equipment

BioNTech laboratory assistants wear Stryker medical equipment in a clean room at a production site in Marburg, Germany, in March 2021. (Boris Rösler/Image Alliance via Getty Images)

What happened in the Stryker cyber attack?

According to reports, the attack disabled parts of Stryker’s global network environment. Reports indicate that the power outage began shortly after midnight Wednesday on the East Coast. Employees suddenly discovered that their work phones had stopped working. Communication between teams stopped as devices became unusable.

Android fixes 129 security vulnerabilities in the phone’s major update

Hacking group Handala has claimed responsibility for social media platforms, including Telegram and X. However, this claim has not been independently verified. Some employees also reported seeing the hacker group’s logo appear on company login pages during the disruption. In online posts, the group said the attack was in retaliation for a bombing at a school in Minab, Iran, although these claims have not been independently verified.

Security experts believe that attackers may have gained access to the company’s Microsoft Intune management console. This platform allows businesses to manage company devices such as smartphones and laptops remotely. Once inside this system, the attackers appear to have triggered a powerful administrative feature. Reports indicate that several phones and laptops connected to the company have been wiped back to factory settings.

Iranian cyber attack from Stryker Medical

Signs at Stryker Corp. headquarters. In Portage, Michigan, on Thursday, March 12, 2026. A cyberattack on Stryker Corp. has kept the medical technology company’s ordering and shipping systems offline, as the company continues to struggle to address a crippling hack claimed by an Iran-linked group. (Kristin Norman/Bloomberg via Getty Images)

How hackers used legitimate tools against the company

The attack did not rely on ransomware or traditional malware. Instead, it appears that the hackers used a legitimate system feature in a destructive way. Remote scanning tools exist for good reasons. Companies use it when a device is lost, stolen, or inoperable. However, if attackers take control of the administrative console, these same tools can become weapons. Some cybersecurity researchers believe the attackers may have gained access to the company’s Microsoft Intune device management system, although the exact method of the attack has not been publicly confirmed.

Once attackers gained access to the device management system, they likely launched remote wipe commands across multiple employee devices. The result appeared to be a mass reset event that effectively halted normal operations. Stryker later confirmed that it had been involved in a cybersecurity incident that affected its Microsoft environment. The company said it has seen no evidence of ransomware or malware, and believes the incident has been contained. Stryker said it has activated business continuity procedures so it can continue supporting customers and partners while systems are restored.

Iran’s long history of devastating cyber attacks

This type of attack fits into a broader pattern. Iran-linked groups have previously launched some of the most damaging “wiper” cyberattacks ever. These attacks aim to destroy data rather than steal it.

Notable examples of this include:

Since the beginning of the current conflict, cybersecurity companies such as Google and Proofpoint have mostly observed Iranian groups conducting espionage operations. However, the disruption of Stryker may signal a shift toward more aggressive actions targeting corporate infrastructure. We contacted both Stryker and Microsoft for comment, but did not receive a response before the specified deadline.

Why this matters beyond one company

Major cyber incidents rarely remain isolated. When attackers present a new method, other groups often study it and reuse it. This means that techniques used against a company today could show up in smaller attacks tomorrow. Small businesses, hospitals, and even individuals sometimes become targets when criminals adopt the same methods. In other words, this story about a medical technology company also has a warning for everyday digital life.

Stryker medical technology brand in Ireland

The logo of medical technology company Stryker appears on its factory at the IDA (Industrial Development Agency) estate in Carrigtwohill, County Cork, Ireland, March 28, 2025. (Reuters/Kilcoyne Museum)

How to protect yourself from cyberattacks and device wiping threats

Cyberattacks against businesses expose vulnerabilities that can affect anyone using connected devices. Some proactive steps can reduce your risk.

1) Use strong and unique passwords

Never reuse passwords across accounts. If attackers get a single password, they often test it across multiple services. Also consider using a password manager to create complex passwords and store them securely, so you don’t need to remember them. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com

2) Enable two-factor authentication

Add a second verification step, such as two-factor authentication (2FA), can stop attackers even if they get your password.

3) Consider a data removal service

Data broker sites collect and sell personal details that criminals may exploit. Removing this information can reduce your exposure. Check out my top picks for data removal services and get a free check to see if your personal information really exists on the web by visiting Cyberguy.com.

4) Install a powerful antivirus program

Reliable antivirus protection helps detect suspicious activity, phishing attempts, and malware before they spread. Get my picks for the best antivirus protection winners of 2026 for Windows, Mac, Android, and iOS at Cyberguy.com.

5) Make a backup copy of important files regularly

If your device is wiped or hacked, backups allow you to quickly restore important data.

Take my quiz: How secure is your online security?

Do you think your devices and data are really protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get personalized analysis of what you’re doing right and what needs improvement. Take my test here: Cyberguy.com.

Key takeaways for Kurt

Previously, cyberattacks mainly focused on stealing information. Today, many attackers try to disrupt systems, wipe data, or create chaos. The reported incident involving Stryker shows how hackers can turn everyday administrative tools into powerful weapons. If someone can access the correct controls, they may not need traditional malware at all. To many people, cyber conflict between countries may seem far away. However, the same technology used in those attacks powers the devices and services we rely on every day. All of your phone, laptop, and cloud accounts connect to systems that rely on trust and access permissions. That’s why digital safety now requires layers of protection. Strong passwords help. Secure devices help. Staying aware of threats also helps. Preparedness can make the difference between a quick recovery and major disruption. If something unexpected happens, the people who recover fastest are usually those who took some steps to protect themselves in advance.

This leads us to an important question. If your phone, laptop, or cloud account were suddenly wiped tomorrow, would you be prepared to recover? Let us know by writing to us at Cyberguy.com.

Sign up for my free CyberGuy report

Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – FREE when you join my site CYBERGUY.COM Newsletter.

Copyright 2026 CyberGuy.com. All rights reserved.

Curt “CyberGuy” Knutson is an award-winning technology journalist with a deep love for technology, equipment and gadgets that make life better through his contributions to Fox News and FOX Business morning starters on “FOX & Friends.” Do you have a technical question? Get Kurt’s free CyberGuy newsletter, share your voice, a story idea or comment on CyberGuy.com.

Related Posts

Post Comment

You May Have Missed