Stryker is experiencing a global network disruption to its Microsoft environment as the result of a cyberattack.
In a statement posted on LinkedIn Wednesday, Stryker said it did not believe the attack involved ransomware or other malware and added that it believed the incident was contained.
“Our teams are working rapidly to understand the impact of the attack,” the company said. “Stryker has business continuity measures in place to continue to support our customers and partners. We are committed to transparency and will keep stakeholders informed as we know more.”
The company did not return MedTech Dive’s request for comment by publication.
Stryker, based in Portage, Michigan, is a medtech company that specializes in orthopedics, including manufacturing joint implants and surgical robots, as well as medical equipment like hospital beds.
The company has 56,000 employees and operates in 61 countries. Its revenue in 2025 totaled $25.1 billion.
According to a report from The Wall Street Journal, the attack led to a global outage across Stryker’s systems as the hackers remotely wiped remote devices running Microsoft’s Windows operating system, including cellphones and laptops.
Stryker told employees to disconnect from all networks and to not turn on company-issued devices, according to an email viewed by the Journal.
An Iran-linked threat actor that researchers call Handala claimed credit for the attack, according to a spokesperson for Check Point Research.
Handala is a group that masquerades as pro-Iranian hacktivists but is believed to be part of the Iranian Ministry of Intelligence and Security, according to Palo Alto Networks Unit 42.
The Stryker attack would represent a significant escalation for Handala, marking the first time it has targeted a major U.S. business, according to Check Point Research.
“The fact that they’ve set their sights on a major medical device company is particularly alarming,” said Sergey Shykevich, threat intelligence group manager at Check Point Research. “Critical healthcare infrastructure represents a high-value, high-impact target: disruption doesn’t just mean data loss, it can mean patient safety.”
Several hacktivist groups have claimed attacks against companies based in the Middle East since the U.S. and Israel’s war against Iran began in late February. An Iranian state-linked actor tracked as Seedworm, or MuddyWater, has targeted the networks of U.S. companies since early February, with researchers at Symantec and Carbon Black finding backdoors on the networks of multiple firms.
