Stryker is continuing to deal with the fallout from a cyberattack that an Iran-linked hacktivist group, Handala, has claimed responsibility for.
The cyberattack began in the early hours of 11 March, with Stryker’s headquarters in Cork, Ireland, the first site affected by the incident.
Go deeper with GlobalData
Discover B2B Marketing That Performs
Combine business intelligence and editorial excellence to reach engaged professionals across 36 leading media platforms.
In a Form 8-K filed with the US Securities and Exchange Commission (SEC), Stryker said the incident caused, and is expected to continue to cause, “disruptions and limitations of access to certain of the company’s information systems and business applications supporting aspects of the company’s operations and corporate functions”.
In its latest update to customers, Stryker has emphasised that the incident is contained to the medtech giant’s “own internal Microsoft environment”, yet noted that disruptions persist vis-à-vis order processing, manufacturing and shipping protocols.
Ripple effects for Stryker’s operations
Stryker is a world leader across numerous different device segments, such as orthopaedics, surgical instruments, endoscopy, and neurovascular.
“While some elective procedures such as hip reconstruction and knee reconstruction may be postponed until any potential supply chain issues are resolved, other procedures involving Stryker devices are more urgent, meaning physicians may well turn to alternative suppliers,” Alison Casey, director of medical data and analytics at GlobalData, told Medical Device Network.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalData“For example, patients suffering from acute ischemic stroke who need to be treated with aspiration thrombectomy catheters and stent retrievers represent emergency cases that need to be treated immediately,” Casey continued.
Noting that reports suggest the cyberattack has impacted Stryker’s production in Ireland, Dr Andrew S Thompson, director of therapy research and analysis for medical devices at GlobalData, said that Stryker’s global operations could potentially be affected by the cyberattack.
“Depending on how integrated Styker’s systems are with suppliers’ and customers’ systems, and the robustness of firewalls, there would be concerns over problems spreading,” Thompson noted.
Handala cyberattack motivated by Iran school bombing
In an apparent post by Handala on social media platform X and its page on chat service Telegram following the cyberattack, the group said the action was carried out in retaliation for “the brutal attack on the Minab school and in response to the ongoing cyber assault on the Axis of Resistance”.
Handala’s post went on to call Stryker a “Zionist-rooted corporation” and claimed the attack had “wiped” over 200,000 of the company’s systems and extracted 50 terabytes (TB) of critical data across Stryker’s offices in 79 countries.
Given the hack involves deletion of data, Thompson’s view is that it could damage Stryker’s various partner relationships and impact the company’s ability to “deliver product to healthcare providers and patients”.
“Delays in production ripple through the supply chain with delays to sterilisation services and delivery of components, with possible delays to payments of often much smaller companies who have less of a financial buffer,” Thompson said.
He thinks that consumables supply will be hit quickest, potentially forcing physicians to switch brands or mothball equipment. According to Thompson, the hack could potentially also impact Stryker’s inventory control capabilities, meaning it may hinder the company’s ability to forecast how long it can sustain supply for.
Thompson noted: “And because medical devices are highly regulated, with expiry dates, batch numbers, for recall purposes, this could become critical.”
On 28 February 2026, the first day of the 2026 Iran war, the Shajareh Tayyebeh girls’ elementary school in Minab, Hormozgan province in southern Iran was bombed. Upwards of 150 children are thought to have been killed in the attack.
US President Trump claimed that Iran is “very inaccurate”, has “no accuracy whatsoever”, and was thus responsible for the attack on their own infrastructure. However, outlets including the BBC and Reuters subsequently verified that the strike was likely committed by a Tomahawk missile. Analysis indicates that the US is the only participant in the conflict, aside from Israel and Iran, that possesses this missile type in its artillery.
