Iranian Hackers Wipe 200,000 Devices at Stryker in Major Cyberattack


Chips Reporter

Iranian hacking group Handala claims responsibility for wiping over 200,000 devices and extracting 50TB of data from medical technology giant Stryker, marking the first major cyberattack on a private company linked to the U.S.-Israel-Iran conflict.

Iranian hacking group Handala has claimed responsibility for a major cyberattack on American medical technology company Stryker, resulting in the wiping of over 200,000 devices and the extraction of 50TB of data from the company's systems.

The attack, which occurred in the early morning hours of March 12, 2026, represents what cybersecurity experts are calling the first major cyberattack connected to the ongoing U.S.-Israel-Iran conflict to directly hit a private company. Stryker, a Fortune 500 medical technology firm based in Michigan, operates in 61 countries with 56,000 employees and serves 150 million patients annually.

According to reports from employees across Ireland, Australia, and the United States, the attack began around 3:30 AM EDT when Stryker-managed devices were wiped clean. The scope of the attack extended beyond corporate devices, affecting personal devices owned by employees that were connected to Stryker's network. Employees reported being unable to log into their accounts because two-factor authentication had been wiped from their phones.

In response to the attack, Stryker has been working to resolve the disruption impacting its global network. The company stated that there is no indication of malware or ransomware, and that it believes the situation is contained to its internal Microsoft environment only. However, the company has advised personnel to remove Microsoft Intune, a cloud-based Unified Endpoint Management tool, along with Microsoft Teams, the company portal, and VPN from personal devices.

The Scope of the Attack

The scale of the cyberattack is unprecedented, with Handala claiming to have wiped over 200,000 devices connected to Stryker's network. This includes not only company-owned equipment but also personal devices belonging to employees. The attackers reportedly used Stryker's mobile device management (MDM) software to gain access to personal devices, raising serious questions about the security implications of allowing companies to install management software on personal equipment.

The creator of the O.MG pen testing cable took to social media to warn about the dangers of MDM software, stating that even when organizations promise not to access or erase personal data, this is often only a policy. The MDM app typically retains these capabilities, meaning that if a bad actor gains control of the management suite, they could have complete and unprecedented access to users' personal data.

Technical Implications

The attack highlights the vulnerabilities inherent in mobile device management systems. These tools, designed to help organizations manage, secure, update, and monitor devices across various operating systems including Windows, macOS, iOS, iPadOS, Android, and Linux, can become a single point of failure if compromised.

Security experts point out that the Stryker breach demonstrates how attackers can leverage legitimate management tools to cause widespread damage. By gaining control of the MDM software, the hackers were able to execute a coordinated wipe of thousands of devices simultaneously, effectively using the company's own security infrastructure against it.
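
As an added illustration (not from the article, Stryker, or Microsoft), one defensive control against the mass-wipe scenario described above is to alert when a single admin account issues wipe commands against many distinct devices within a short window. The log format, account names, window, and threshold below are assumptions constructed for the example.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed audit events (hypothetical format, not a real MDM export):
# "<UTC timestamp> <admin account> <action> <device id>"
SAMPLE_EVENTS = [
    "2026-01-05T09:00:00Z helpdesk01 wipe dev-0001",   # routine lost-device wipe
    "2026-01-05T09:02:00Z helpdesk01 sync dev-0002",   # non-destructive action
    "2026-01-05T10:30:00Z helpdesk01 wipe dev-0003",   # second wipe, 90 minutes later
] + [
    # One account wiping six different devices inside a single minute.
    f"2026-01-05T03:30:{s:02d}Z admin-x wipe dev-1{s:03d}" for s in range(0, 60, 10)
]


def parse_event(line):
    """Split one constructed audit line into (timestamp, actor, action, device)."""
    ts, actor, action, device = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), actor, action, device


def detect_wipe_bursts(lines, window=timedelta(minutes=5), threshold=5):
    """Return (actor, window_start, distinct_devices) for the first time each
    actor wipes at least `threshold` distinct devices within `window`."""
    events = sorted(parse_event(l) for l in lines)  # tolerate out-of-order logs
    recent = {}      # actor -> deque of (timestamp, device) still inside the window
    alerted = set()  # raise one alert per actor, not one per extra wipe
    alerts = []
    for ts, actor, action, device in events:
        if action != "wipe":
            continue
        q = recent.setdefault(actor, deque())
        q.append((ts, device))
        while ts - q[0][0] > window:  # drop wipes that aged out of the window
            q.popleft()
        distinct = {d for _, d in q}  # repeated wipes of one device count once
        if len(distinct) >= threshold and actor not in alerted:
            alerted.add(actor)
            alerts.append((actor, q[0][0].isoformat(), len(distinct)))
    return alerts


if __name__ == "__main__":
    for actor, start, count in detect_wipe_bursts(SAMPLE_EVENTS):
        print(f"ALERT: {actor} wiped {count} distinct devices in window starting {start}")
```

In practice a rule like this would feed an alert or an approval gate for bulk destructive actions, with the threshold tuned to the organization's normal wipe volume.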

Context of the Attack

This cyberattack comes amid escalating tensions in the Middle East and represents a significant escalation in the digital warfare aspect of the conflict. Just one day before the Stryker attack, Iran had released threats targeting Nvidia, Microsoft, and other tech companies in the Middle East.

The targeting of Stryker, a U.S.-based company with no direct operations in the Middle East, demonstrates how the conflict is expanding beyond regional boundaries. This mirrors patterns seen in other modern conflicts, where cyberattacks have targeted civilian infrastructure in countries far removed from the physical battlefield.

Industry Response

The cybersecurity community has responded with alarm to the sophistication and scale of the attack. Many experts are now questioning the wisdom of allowing companies to install management software on personal devices, particularly in industries dealing with sensitive medical information.

Some security professionals recommend that employees be extremely cautious about installing any corporate management software on personal devices, regardless of the promises made by their employers. The Stryker incident has shown that these assurances may be meaningless if the company's systems are compromised.

Impact on Medical Technology

As a leading medical technology company, Stryker's compromise raises serious concerns about the vulnerability of healthcare infrastructure to cyberattacks. The company produces a wide range of medical devices and technologies used in hospitals and healthcare facilities worldwide.

While there is no indication that patient care has been directly affected by this attack, the breach of a major medical technology provider highlights the potential for cyberattacks to indirectly impact healthcare delivery through the compromise of the companies that supply critical medical equipment and software.

Moving Forward

The Stryker cyberattack serves as a wake-up call for companies that rely on mobile device management systems and those that allow employees to use personal devices for work purposes. It demonstrates the need for more robust security measures and raises questions about the balance between convenience and security in modern workplace technology.

As investigations into the attack continue, cybersecurity experts are likely to focus on how the attackers gained initial access to Stryker's systems and how they were able to leverage the MDM software so effectively. The lessons learned from this incident will likely shape corporate cybersecurity policies for years to come.

[Image: The Stryker logo on a medical light. Image credit: Getty Images]

The attack on Stryker represents a new frontier in cyber warfare, where the targeting of civilian companies far from conflict zones has become a viable strategy. As the digital and physical worlds continue to merge, the boundaries of what constitutes a legitimate target in modern conflicts are likely to become increasingly blurred.
