Stryker Employees Locked Out After Iran-linked Handala Hits in Stryker Cyber Attack
A Stryker employee in Boise, Idaho, found they could not reach company systems as the stryker cyber attack unfolded, the first clear sign of a disruption that soon affected staff across time zones. The employee said colleagues were told not to connect to any Stryker VPN, and some work phones were wiped on Wednesday morning.
Boise Worker, Portage, Michigan and Early Service Interruptions
The early human moment came in Boise, Idaho, when an employee confirmed they were unable to access Stryker accounts and networks. Calls to Stryker’s headquarters in Portage, Michigan, reached a recorded message that the company was addressing “a building emergency. ” Staff also reported seeing a hacking logo on company login pages.
Outages began shortly after midnight on the US East Coast on Wednesday, knocking out Windows-based devices, including laptops and mobile phones, that were connected to Stryker systems. For many staff, the immediate impact was practical: no remote access, wiped work phones, and a halt to routine digital workflows.
Stryker Cyber Attack and the Microsoft Environment Disruption
Stryker confirmed it was experiencing a global network disruption to its Microsoft environment as a result of a cyberattack. it had found no evidence of ransomware or malware and believed the incident was contained, and that teams were working rapidly to understand the impact on systems.
Employees were explicitly told to avoid connecting to Stryker VPN networks or software on any device. One claim circulating with the outage alleged that 200, 000 systems were affected and that 50 terabytes of data had been extracted, while Stryker has not confirmed the involvement of the group making those claims.
Handala’s Claim of 50 Terabytes, Verifone Denial and IRGC Warnings
A hacking persona called Handala claimed responsibility, saying it had seized 50 terabytes of company data and framed the action as retaliation tied to a deadly strike on a school that killed more than 170 people. The group said the data was “now in the hands of the free people of the world. ”
Handala also claimed a simultaneous attack on payments company Verifone; Verifone denied any disruption to its services. Meanwhile, the IRGC warned that US- and Israeli-linked economic centres and banks were legitimate targets, and state-affiliated media listed regional infrastructure of several US tech firms as potential targets.
Those statements came as an Iranian security source suggested the conflict was entering a new phase and hinted at possible restrictions on another regional waterway similar to prior threats involving the Strait of Hormuz. Separately, some political figures called for investigation into the strike on the school that Handala cited as justification.
Stryker is a Michigan-based medical device company whose products reach millions of patients across dozens of countries and which reported revenues of more than $25 billion in 2025. The company makes items that range from artificial joints and surgical instruments to hospital beds and robotic surgery systems.
Staff Responses and What the Company Has Confirmed Next
For staff in Boise and elsewhere, the immediate response was operational: avoid corporate VPNs, suspend routine network activity, and wait for central IT guidance. Work phone wipes and inaccessible laptops left clinical and administrative workers relying on contingency plans and local managers.
For now, Stryker has stated it found no evidence of ransomware or malware and believes the incident is contained. That confirmation is the next confirmed development after the initial outage and the public claims of data seizure.
Back in Boise, the employee who first described being locked out will return to systems only as Stryker restores access and validates its Microsoft environment. The company’s declaration that the incident is contained frames the immediate next step: restoration of secure access for staff and verification of what, if any, data was taken.
