(Photo by Jakub Porzycki/NurPhoto via Getty Images)
A US medical equipment provider called Stryker is facing a global outage after a cyberattack, and a hacking group supporting Iran is claiming responsibility.
The group, Handala, which has been involved in pro-Palestinian hacktivist activities, posted about taking down Stryker on Wednesday as reports of the outage began to emerge.
“In this operation, over 200,000 systems, servers, and mobile devices have been wiped and 50 terabytes of critical data have been extracted,” the group claimed on its website. “Stryker’s offices in 79 countries have been forced to shut down.”
The attack is particularly bad in Ireland, where Stryker employs at least 4,000 people. "Nobody can work. The entire company has been brought to a standstill. Nobody has any idea what is going on. This is going to have a huge knock-on effect,” a source told the Irish Mirror.
Michigan-based Stryker has confirmed the cyberattack, posting on LinkedIn that it’s experiencing a “global network disruption” across its Microsoft software environments. Stryker had 53,000 employees as of 2024.
“We have no indication of ransomware or malware and believe the incident is contained,” the company added. “Our teams are working rapidly to understand the impact of the attack on our systems.”
Stryker, which sells medical and surgical equipment, said in an updated post: "Our products like Mako, Vocera and LIFEPAK35 are fully safe to use."
It currently looks like the attack hit employee systems and an online ordering system, rather than hospital equipment. Handala has been known to use a data-wiping malware that can erase Windows and Linux machines. Some Reddit users who appear to be Stryker employees have also mentioned an attack targeting devices running Microsoft InTune, which lets enterprises remotely control and manage devices, including Android and iOS phones.
For now, Stryker's updated post says: "We are working to ensure our electronic ordering system is back up and running as quickly as possible. It is safe to communicate with Stryker employees and sales representatives by email and phone, and within your facility."
It's unclear how Handala infiltrated Stryker. But the group's tactics include sending phishing messages that pretend to come from legitimate organizations, such as cybersecurity vendor CrowdStrike. In reality, the messages are loaded with a malicious attachment. Security researcher Kevin Beaumont also noted that the group usually operates by breaking into an IT network, then lying low for "months” before launching a data-wiping attack.
In the meantime, the hacktivist group says it breached Stryker in retaliation for the US military’s missile attack on a school in Iran. “This is only the beginning of a new chapter in cyber warfare,” Handala said. On the same day, the group also claimed to have breached Verifone, an electronics payments provider. However, Verifone told PCMag it "has found no evidence of any incident related to this claim and has no service disruption to our clients."
Editor's note: This story has been revised to mention Stryker's updated post on the situation.