Simran Vohra

Author

  • Published: Mar 12 2026 06:07 PM
  • Last Updated: Mar 12 2026 06:08 PM

Iran-linked Handala hackers launched a massive cyberattack on Stryker, wiping 200K devices and disrupting hospitals worldwide. Here’s why it matters.




Handala, a group of Iranian-affiliated hackers, has delivered a catastrophic wiper attack against Stryker Corp., wiping the data from more than 200,000 devices and shutting down offices in 79 countries. It is perhaps the most aggressive state-sponsored cyberattack on a U.S. healthcare provider since tensions escalated following a U.S. airstrike last month that killed a number of Iranians attending a school in Iran. The delays in care caused by the attack have left many hospitals struggling to access supplies for surgical procedures and created very real access issues for everyday patients, while the full scope of the delays is still being understood.

Who Are Handala and Why Stryker Now?

Handala Hack Team popped up in late 2023, tied to Iran's Ministry of Intelligence and Security (MOIS) through the "Void Manticore" cluster, aka Banished Kitten or Storm-0842. They focus on Israel but pivot to high-profile hits when agendas align, like supply-chain jumps via IT providers.

They picked Stryker for its 2019 buyout of Israeli firm OrthoSpace, dubbing it "Zionist-linked," plus retaliation for the school bombing amid US-Iran-Israel flare-ups. No patient devices got hit directly; Stryker stresses the breach stayed in its Microsoft setup.

The Attack Unfolds: From Midnight Wipe to Global Shutdown

Everything kicked off just after midnight on March 10 on the US East Coast. Employees logging in saw Handala's logo and Palestinian flags plastered across login screens, followed by total blackout. Hackers hijacked Microsoft Intune, Stryker's cloud tool for managing devices, to remotely wipe laptops, servers, and even personal phones running company Outlook apps.

Stryker's Cork, Ireland hub—its biggest outside the US—sent 5,000 workers home immediately. Staff turned to WhatsApp for updates as anything network-tied went dark. In Michigan headquarters, voicemails warned of a "building emergency," and doors stayed locked all day.

Here's a quick timeline of key events:

| Date/Time | Event |
| --- | --- |
| Feb 28, 2026 | US Tomahawk missile strikes Iranian all-girls school in Minab, killing 175, mostly children. Ongoing probe pins it on US. |
| March 10, ~00:01 ET | Outages hit Stryker's internal Microsoft environment; devices start wiping via Intune. |
| March 10, Morning | Handala claims responsibility on Telegram, boasts 200K+ systems erased, 50TB data stolen. Blames "Zionist-rooted" Stryker for US actions. |
| March 10, Day | Offices shut in 79 countries; Ireland, US sites empty. Stock dips 3.4%. |
| March 11-12 | Stryker confirms no ransomware or malware spread beyond internals; restoration underway. |

This wasn't ransomware chasing cash. It was pure destruction—a wiper op designed to cripple operations long-term.

Compare this to Iran's cyber playbook:

| Past Iran Attack | Target | Damage | Stryker Parallel |
| --- | --- | --- | --- |
| 2012-13 Ababil | 46 US banks | DDoS outages | Destructive, not money-grab |
| 2013 Bowman Dam | NY water control | SCADA access | Critical infra risk |
| 2014 Sands Casino | Vegas casino data | $40M+ wipe | Wiper tactics match |
| 2017 Mabna | 144 US unis | 31TB theft | Data exfil + destruction |

Stryker dodged malware spread, but the Intune exploit exposes a cloud blind spot few medtech firms discuss openly.

What Stryker Does and Why Patients Feel the Pinch

Founded in 1941 by Dr. Homer Stryker, this Kalamazoo, Michigan powerhouse rakes in $22.6 billion yearly from orthopedics (hips, knees, spines—40% revenue) and MedSurg/Neurotech (endoscopy, emergency gear—60%). With 56,000 employees in 61 countries and 14,200 patents, they touch 150 million patients a year via hospitals worldwide.

Nearly every US surgery center stocks their implants and tools. One anonymous hospital pro told KrebsOnSecurity that orders halted instantly, sparking supply fears. No widespread shortages yet, per American Hospital Association's John Riggi, but prolonged downtime could delay joint replacements or neuro ops.

Real risks to everyday folks:

  • Elective surgeries: Hip/knee waits spike if sterile tools run low.

  • Trauma care: Backup suppliers exist, but rural spots hurt first.

  • Global ripple: Clinics in India and Europe lean on Stryker; disruptions hit Delhi hospitals too.

  • Investor hit: Shares fell 3.4%, wiping $3B+ market cap temporarily.

This isn't abstract. If you're facing surgery, call your provider now and stock up on alternatives like Zimmer Biomet or Medtronic if possible.


The Hidden Supply Chain Bomb No One Expected

Everyone fixates on the wipe scale, but the unique angle? Intune's role turns employee BYOD (bring your own device) into a hacker superweapon. Cloud consoles promise easy management but hand attackers admin keys if creds leak.

Experts like Scott Bailey call it a total loss of network control, implicating Microsoft 365 tenancy. Stryker urges Intune uninstalls, too late for thousands. Healthcare's IoT-heavy devices (Stryker's patient platforms partner with Microsoft) dodged direct hits, but trust erodes.

Past parallels like Change Healthcare's 2024 ransomware showed med supply chaos. Stryker's faster containment helps, yet it spotlights geopolitics invading clouds. Iran ups destructive ops as US strikes escalate; next could be pharma giants.

Lessons for Businesses and What to Watch

Smart firms audit cloud admins yesterday. Enforce zero-trust: segment employee devices, rotate Intune creds, drill offline backups. Hospitals? Diversify vendors; stock 30-day buffers for Stryker products.

Stryker's restoring fast, with no external malware confirmed. Watch stock rebound, FBI probes (they indicted IRGC before), and Handala leaks of that 50TB. If supplies tighten, your knee surgery waits.

Geopolitics just made healthcare a battlefield. Patients win by demanding resilient chains; ask your doc about backups. This attack proves nation-states target wallets via wrists and hips, forcing us all to rethink digital fronts in medicine.

FAQ

Hackers from the Iran-backed Handala group remotely wiped over 200,000 devices—including laptops, servers, and employee mobile devices—using Stryker's Microsoft Intune system. This caused a global network outage, shutting down offices in 79 countries starting just after midnight ET on March 10.

The group claimed the attack retaliated for a US Tomahawk missile strike on an all-girls school in Minab, Iran, on February 28, which killed 175 people. They labeled Stryker "Zionist-linked" due to its 2019 acquisition of Israeli firm OrthoSpace, tying it to broader US-Iran tensions.

No patient-facing devices were compromised, and Stryker confirmed no ransomware or malware spread beyond internal Microsoft systems. However, supply chain delays could impact elective surgeries like hip or knee replacements if manufacturing lags, though backups exist.

Stryker states the incident is contained, with teams working alongside Microsoft to restore systems. No data ransom demands occurred, and early checks show no external breaches. Stock dipped 3.4% initially but operations prioritize continuity.

Patients facing Stryker-dependent procedures should confirm with providers about alternatives like Zimmer Biomet. Hospitals need 30-day supply buffers. Employees should uninstall Intune profiles from personal devices and monitor for leaks of the claimed 50TB stolen data.
