A cyberattack against medical technology maker Stryker Corp. crippled the company’s global operations, according to a person familiar with the matter and a memo seen by Bloomberg News.
A pro-Iranian digital activist group, Handala, has claimed credit for the incident, potentially marking the first known major cyber disruption of an American organization since joint U.S.-Israeli strikes against Iran.
Many Stryker employees around the world are unable to work, so they’ve been sent home from offices and told to avoid connecting to any Stryker networks or software through any device, according to the person, who asked not to be identified because they weren’t authorized to speak publicly about the matter. Some employees have also seen data on their devices wiped as a result of the breach, the person said.
Shares of Stryker were down as much as 5.3% after the Wall Street Journal reported on the breach.
“Stryker is experiencing a global network disruption to our Microsoft environment as a result of a cyberattack,” a company spokesperson said in a statement.
“We have no indication of ransomware or malware and believe the incident is contained,” the spokesperson said. “Our teams are working rapidly to understand the impact of the attack on our systems. Stryker has business continuity measures in place to continue to support our customers and partners.”
Neither the FBI nor the U.S. Cybersecurity and Infrastructure Security Agency immediately responded to inquiries.
Stryker manufactures a wide range of medical devices and equipment with a focus on orthopedics, surgical tools, neurotechnology and spinal products, including emergency services and intensive-care disposable equipment, according to the company’s website. Most of its products are marketed directly to doctors, hospitals and other healthcare facilities and are available in more than 61 countries, according to the company’s filings.
Stryker generates about $25 billion in revenue annually and has a market valuation of about $131 billion.
Handala claimed responsibility for the attack in a statement posted online Wednesday. The group portrayed the hack as retaliation for a suspected US bombing of an Iranian school and threatened a “new chapter in cyber warfare.”
Neither the company nor any cybersecurity agency has confirmed that an Iranian group was behind the hack.
“Critical health care infrastructure represents a high-value, high-impact target: disruption doesn’t just mean data loss, it can mean patient safety,” said Sergey Shykevich, threat intelligence group manager at the Israeli cybersecurity firm Check Point Software Technologies Ltd.
The attack unfolded dramatically beginning around midnight U.S. eastern time when workers saw systems go down in front of them one at a time. Once they realized what was happening, employees scrambled to unplug some machines in order to attempt to save data, according to the person. The effort was frantic and had mixed results. In some offices as many as 95% of the computers and devices have been wiped, the person said.
In the operation, more than 200,000 systems, servers and mobile devices were wiped and 50 terabytes of data were extracted, Iran’s semi-official Tasnim news agency reported. Bloomberg News hasn’t independently verified those claims.
Handala suggested it had attacked Stryker because it had connections to Israel. In 2019, Stryker acquired the Israeli company OrthoSpace. Stryker has also previously worked with the U.S. military: Last year, it won a $450 million contract to supply medical devices to the US Department of Defense.
Copyright 2026 Bloomberg.
Want to stay up to date?
Get the latest insurance news
sent straight to your inbox.
