Stryker Cyber Attack: Handala Hackers Wipe 200,000 Devices, Stryker Stock Drops 4%
Iran-linked hacker group Handala executed a devastating cyber attack against Stryker Corporation early Wednesday, March 11, 2026, crippling the medical technology giant's global operations and sending Stryker stock tumbling nearly 4% in a single session.
Stryker Cyber Attack Begins Shortly After Midnight ET
The cyber attack struck Stryker around 3:30 AM ET on Wednesday, with some employee accounts placing the initial breach closer to 12:30 AM ET. The timing caught the company's global workforce off guard, with systems going dark before most U.S. employees had even started their workday.
Staff found that remote devices running Microsoft's Windows operating system — including cellphones, laptops, and other devices configured to connect to Stryker's technology systems — had been wiped. The company advised employees not to turn on company-issued devices and to disconnect from all networks immediately.
Stryker's global headquarters in Portage, Michigan closed Wednesday as workers' phones and computers tied to the company were being wiped, according to Portage Public Safety.
Handala Claims Responsibility for the Stryker Hacked Operation
The Handala group claimed responsibility for the cyber attack on social media, calling it retaliation "for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure of the Axis of Resistance."
Handala claims to have wiped more than 200,000 servers, mobile devices, and other systems, forcing Stryker to shut down offices in 79 countries. The hackers described it as an "unprecedented blow" to the company.
Handala's statement said the operation was "fully successful," affecting more than 200,000 systems and extracting 50 terabytes of critical data. The group described the hack as "only the beginning of a new chapter in the cyber war."
Who Is Handala — The Group Behind the Stryker Hacked Systems
On the surface, Handala is a hacktivist group aligned with pro-Palestinian and anti-Israeli sentiment. However, many in the cybersecurity community believe it is a front for Void Manticore, a threat actor sponsored by the Iranian government. The group is known for phishing, data theft, extortion, and destructive attacks involving custom wiper malware.
The attack targeted Stryker's Microsoft Intune-managed Windows environment, suggesting exploitation of enterprise mobile device management infrastructure for mass deployment of wiper payloads. This is a sophisticated, state-level tactic rarely deployed against Fortune 500 companies at this scale.
The breach extended to the personal mobile phones of employees who had integrated Stryker's work profile into their personal devices, wiping their personal data and showcasing the extreme reach of the Handala hackers.
Stryker Stock Falls as Markets React to Cyber Attacks
Stryker's stock dropped 4.31% to $343.18 in early trading, a move that puts the shares well below recent highs and near the lower end of its 52-week range.
Stryker (NYSE: SYK) carries a market valuation of approximately $131 billion. As of this report, the company had not disclosed the cyber attack to federal securities regulators.
Stryker carries a forward P/E of 40.9 — a multiple that prices in near-perfect execution and operational reliability. The cyber attack introduces a major question mark over that reliability, particularly as production delays could ripple through healthcare supply chains.
Stryker's Scale Makes This Cyber Attack Especially Alarming
Stryker is a Fortune 500 company that specializes in the manufacturing of surgical equipment, orthopedic implants, and neurotechnology. Headquartered in Michigan, the company employs approximately 56,000 people and reported over $25 billion in revenue for 2025.
Stryker also has significant contracts with the Departments of Defense and Veterans Affairs. In 2019, Stryker acquired Israeli medical technology company OrthoSpace — a connection analysts say may have made the company a target for the Iran-linked group.
If fully confirmed, the hack would represent arguably the most significant cyber incident linked to the recent Iran war so far. Experts had for weeks advised organizations to stay on guard for cyber retaliation from Iran-aligned groups following the U.S.-Israel strikes on Iran that began February 28.
Stryker has stated it believes the incident is contained and that business continuity measures remain in place, though the full scope of the damage from this cyber attack continues to unfold.
