What happened
Medical technology company Stryker confirmed that portions of its IT environment were taken offline after a destructive cyberattack attributed to the Iran-linked hacking group Handala. The attackers claimed responsibility and said they deployed a wiper malware designed to destroy systems and erase data across the company’s network. According to the threat actors, the attack wiped hundreds of thousands of devices and resulted in the theft of tens of terabytes of internal data, though Stryker has not confirmed the scale of the impact. The company stated it is investigating the incident and working to restore affected systems while assessing potential data exposure and operational disruption.
The incident comes amid broader concerns about state-linked cyber activity, including recent warnings about Iranian cyberattack risks targeting global organizations.
Who is affected
Operations at Stryker, a global medical technology manufacturer supplying hospitals and healthcare providers worldwide, were affected after internal IT systems were taken offline following the attack.
Why CISOs should care
The incident highlights the risks destructive malware poses to large healthcare and medical technology organizations, where disruptions to internal systems can impact manufacturing, logistics, and healthcare delivery infrastructure.
3 practical actions
- Investigate potential wiper malware activity. Monitor for destructive behavior such as system wiping, mass file deletion, or disk corruption.
- Isolate compromised systems quickly. Taking affected infrastructure offline can help contain destructive malware.
- Assess data exposure and operational impact. Determine whether sensitive data was accessed and evaluate disruptions to production or services.