Hackers linked to Iran claim cyberattack on medical technology giant Stryker

When most people hear about cyberattacks associated with international conflict, it can seem far-fetched. It sounds like something that happens to governments or big corporations. Yet a recent cyber incident involving a US medical technology company shows just how vulnerable digital systems can be. More importantly, it raises the question you should all be asking yourself: Are you immune to problems, too?

A hacking group linked to Iran has claimed responsibility for a cyberattack on Stryker, a Michigan-based company that manufactures medical devices and health technology used around the world. Stryker employs approximately 56,000 people and operates in more than 60 countries, making it one of the largest medical technology companies in the world.

Stryker disclosed the incident in a filing with the US Securities and Exchange Commission, saying the disruption affected parts of its Microsoft environment and that investigators are working to determine the full scope.

This incident appears to be one of the most significant internet incidents linked to the current conflict to date.

Sign up for my FREE CyberGuy report
Get my best tech tips, emergency security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join CYBERGUY.COM newspaper.

What happened in the Sryker cyberattack

According to reports, the attack disrupted parts of Stryker’s global network. Reports indicate that the shutdown of vehicles started after midnight on Wednesday on the east coast. Employees suddenly find that their work-issued phones have stopped working. Communication in all groups has been stopped as the machines are no longer in use.

ANDROID FIXES 129 SECURITY FLAWS IN MAJOR PHONE UPDATE

Hacker group Handala has claimed responsibility for social media, including Telegram and X. However, the claim has never been independently verified. Some employees also reported seeing the hacker group’s logo appear on company login pages during the disruption. In online postings, the group said the attack was in retaliation for the bombing of a school in Minab, Iran, although those claims have not been independently verified.

Security experts believe that attackers may have gained access to the company’s Microsoft Intune management console. This platform allows companies to manage corporate devices such as smartphones and laptops remotely. Once inside that system, attackers appear to have implemented a powerful management feature. Reports suggest that many company-linked phones and laptops have been wiped back to factory settings.

Signs at Stryker Corp. headquarters. in Portage, Michigan, Thursday, March 12, 2026. A cyberattack on Stryker Corp. has kept the medical technology company’s ordering and shipping systems offline as the company continues to struggle to deal with a serious hack claimed by an Iran-linked group. (Kristen Norman/Bloomberg via Getty Images)

How can hackers use legal tools against a company

The attack did not rely on conventional ransomware or malware. Instead, hackers seem to have exploited a system feature in a malicious way. Remote wipe tools exist for good reasons. Companies use them when a device is lost, stolen or abandoned. However, if attackers gain control of an administrative console, those same tools can become weapons. Some cybersecurity researchers believe attackers may have gained access to the company’s Microsoft Intune device management system, although the method of attack has not been publicly confirmed.

Once attackers gain access to a device management system, they can run remote wipe commands on multiple employee devices. The result looked like a mass reset event that effectively shut down normal operations. Stryker later confirmed that it had experienced a cybersecurity incident affecting its Microsoft site. The company said it saw no evidence of ransomware or malware and believes the incident is contained. Stryker said it has activated business continuity measures so it can continue to support customers and partners while systems are restored.

Iran’s long history of devastating cyber attacks

This type of attack follows a broad pattern. Iran-linked groups have previously launched the most damaging “wiper” cyber attacks in history. These attacks aim to destroy data rather than steal it.

Two notable examples include:

Since the start of the current conflict, cybersecurity companies such as Google and Proofpoint have increasingly seen Iranian groups carrying out espionage activities. However, Stryker’s disruption may signal a shift to more aggressive actions targeting enterprise infrastructure. We reached out to both Stryker and Microsoft for comment, but did not hear back before our deadline.

Why is this important for more than one company?

Major Internet events rarely stand alone. When attackers demonstrate a new method, other groups often study it and reuse it. That means the tactics used against a company today could turn out to be a micro-attack tomorrow. Small businesses, hospitals and even individuals sometimes become victims when criminals adopt similar tactics. In other words, this story about a medical technology company also has a warning for everyday digital life.

The Stryker medical technology logo is seen at their plant at the IDA (Industrial Development Agency) site, Carrigtwohill, County Cork, Ireland March 28, 2025. (REUTERS/Clodagh Kilcoyne)

How to protect yourself from cyber attacks and device wipe threats

Cyberate attacks against companies reveal vulnerabilities that can affect anyone using connected devices. A few practical steps can reduce your risk.

1) Use strong and unique passwords

Never reuse passwords across accounts. When attackers get one password, they often try it on multiple services. Also, consider using a password manager to generate and securely store complex passwords, so you don’t have to remember them. Check out the best password managers reviewed in 2026 at Cyberguy.com

2) Enable two-factor authentication

Adding a second step of authentication, such as two-factor authentication (2FA), can stop attackers even if they get your password.

3) Consider a data removal service

Data broker sites collect and sell personal information that criminals can exploit. Removing that information can reduce your exposure. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out there on the web by visiting Cyberguy.com.

4) Install strong antivirus software

Reliable antivirus protection helps detect suspicious activity, phishing attempts and malware before they spread. Find my picks for the best antivirus 2026 winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

5) Back up important files regularly

If the device is wiped or compromised, backups allow you to quickly restore important data.

Take my questions: How secure is your internet security?

Think your devices and data are really protected? Take these quick questions to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized explanation of what you’re doing well and what needs improvement. Take my questions here: Cyberguy.com.

Kurt’s priority is taking

Cyberattacks once focused on stealing information. Today, many attackers try to disrupt systems, delete data or create chaos. A reported incident involving Stryker shows how cybercriminals can turn everyday administrative tools into powerful weapons. If someone gains access to the right controls, they may not need a regular malware program at all. For many people, online conflict between countries can seem far-fetched. Yet the same technology involved in those attacks powers the devices and services we rely on every day. Your phone, laptop and cloud accounts all connect to systems that rely on trust and access permissions. This is why digital security now requires layers of protection. Help with strong passwords. Help for secure devices. Staying aware of threats is also helpful. Preparation can make the difference between a quick recovery and a serious setback. When something unexpected happens, the people who retreat the fastest are usually the ones who have taken a few precautions in advance.

And that leads to an important question. If your phone, laptop or cloud account was suddenly wiped tomorrow, would you be ready to recover? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy report

Get my best tech tips, emergency security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join CYBERGUY.COM newspaper.

Copyright 2026 CyberGuy.com. All rights reserved.