Medical device giant Stryker confirms cyberattack as employees say devices were wiped

The medical device manufacturer Stryker confirmed reports Wednesday that a cyberattack has disrupted operations. 

The Michigan-based company released a statement saying it is “experiencing a global network disruption” to its Microsoft environment as a result of a cyberattack. 

“We have no indication of ransomware or malware and believe the incident is contained. Our teams are working rapidly to understand the impact of the attack on our systems,” the company said in a social media message. “Stryker has business continuity measures in place to continue to support our customers and partners.”

On Wednesday, the company’s phone systems were responding to calls with an automated message claiming they are dealing with a “building emergency.”

The company’s statement comes after dozens of Stryker employees took to social media to complain that their corporate computers and phones had been completely wiped. 

On Facebook, Reddit and X, employees said none of their company devices were working. Several said the incident began early on Wednesday morning, with multiple company servers wiped clean and almost all work apps taken down. 

Several employees told Recorded Future News that they could no longer access corporate email systems and were completely cut off from several other work platforms. Two employees said when they tried to log in they saw the logo of the Handala hacking group.  

A group going by that name purportedly released a statement online taking credit for the attack on Stryker, claiming they targeted the company because of a recent U.S. missile strike on a girl’s school in Iran and the ongoing military conflict between the U.S., Israel and Iran.

Handala allegedly put their logo on every login page and sent emails to executives taking credit for the incident. 

The group, which cybersecurity experts previously tied to other Iran-based threat actors, claimed it wiped more than 200,000 “systems, servers and mobile devices” while also stealing 50 terabytes of company data. 

Since 2023, Handala has repeatedly targeted companies and government systems in Israel. Cybersecurity experts previously described Handala as a sophisticated group, noting that one of its most common tactics was the deployment of wiper malware designed to destroy all of the files on a device. 

Handala took credit for a phishing campaign last year involving the impersonation of the cybersecurity firm CrowdStrike and attempts to install wiper malware on Israeli networks. In a statement at the time, the hackers claimed to have launched other attacks, including targeting Israeli Iron Dome radars.

Last year, the group targeted the Israeli Ministry of National Security and sent fake missile alerts to Israeli schools and kindergartens through smartphones via SMS before wiping the system after sending the alerts.

Stryker is one of the biggest medical device manufacturers in the world, reporting more than $25 billion in earnings last year. It purchased Israeli medical tech company OrthoSpace in 2019. Stryker also has signed large contracts with the U.S. Department of Defense and other U.S. agencies. 

Stryker did not respond to requests for comment about Handala’s role in the attack. 

Several employees said the company has been brought to a standstill as a result of the attack. The incident first emerged in Ireland when news outlets reported that employees at large factories in the country were cut off from corporate access or sent home because they could not work. 

Some employees who had linked their personal phones to corporate systems also reported losing access to much of their data.