Hackers linked to Iran attack US medical technology company
NEWNow you can listen to News articles!
When most people hear about cyberattacks linked to geopolitical conflicts, it may seem very far away. It sounds like something that happens to governments or giant corporations. However, the latest cyber incident involving an American medical technology company shows how fragile digital systems can be. Even more importantly, it raises a question everyone should ask themselves: Are you protected from trouble, too?
A hacking group linked to Iran has claimed responsibility for a cyberattack on Stryker, a Michigan-based company that produces medical equipment and health technology used around the world. Stryker employs approximately 56,000 people and operates in more than 60 countries, making it one of the largest medical technology companies in the world.
Stryker disclosed the incident in a filing with the U.S. Securities and Exchange Commission, saying the outage affected parts of its Microsoft environment and that investigators are working to determine the full extent.
The incident appears to be one of the most significant cyber incidents related to the current conflict so far.
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
Laboratory assistants from the company BioNTech use Stryker medical equipment in a clean room at a production site in Marburg, Germany, in March 2021. (Boris Roessler/Picture Alliance via Getty Images)
What happened in the Stryker cyberattack
The attack reportedly disrupted parts of Stryker’s global network environment. Reports indicate the outages began shortly after midnight Wednesday on the East Coast. Employees suddenly discovered that their work phones stopped working. Communication between teams stalled when devices became unusable.
ANDROID FIXES 129 SECURITY DEFECTS IN A MAJOR PHONE UPDATE
The Handala hacker group claimed responsibility on social media platforms including Telegram and X. However, the claim has not been independently verified. Some employees also reported seeing the hacking group’s logo appear on company login pages during the outage. In online posts, the group said the attack was retaliation for a bombing at a school in Minab, Iran, although those claims have not been independently verified.
Security experts believe the attackers may have gained access to the company’s Microsoft Intune management console. This platform allows companies to manage corporate devices such as smartphones and laptops remotely. Once inside that system, the attackers appear to have activated a powerful administrative function. Reports suggest that many phones and laptops connected to the company were wiped to factory settings.
Signage at Stryker Corp. headquarters in Portage, Michigan, on Thursday, March 12, 2026. A cyberattack on Stryker Corp. has kept the medical technology company’s ordering and shipping systems offline as the company continues to struggle to address a crippling attack claimed by an Iran-linked group. (Kristen Norman/Bloomberg via Getty Images)
How hackers may have used legitimate tools against the company
The attack was not based on ransomware or traditional malware. Instead, the hackers appear to have used a legitimate feature of the system in a destructive way. Remote wipe tools exist for good reasons. Companies use them when a device is lost, stolen, or retired. However, if attackers gain control of the management console, those same tools can be weaponized. Some cybersecurity researchers believe that attackers may have accessed the company’s Microsoft Intune device management system, although the exact method of the attack has not been publicly confirmed.
Once the attackers accessed the device management system, they likely triggered remote wipe commands on multiple employee devices. The result looked like a massive reset event that effectively shut down normal operations. Stryker later confirmed that it experienced a cybersecurity incident that affected its Microsoft environment. The company said it saw no evidence of ransomware or malware and believes the incident is contained. Stryker said it has activated business continuity measures so it can continue to support customers and partners while systems are restored.
Iran’s long history of destructive cyberattacks
This type of attack fits into a larger pattern. Iran-linked groups have previously launched some of the most damaging cyberattacks on record. These attacks aim to destroy data rather than steal it.
Two notable examples include:
- The attack on Saudi Aramco in 2012, which destroyed tens of thousands of computers
- The cyberattack on the Sands Casino in 2014
Since the start of the current conflict, cybersecurity companies such as Google and Proofpoint have primarily observed Iranian groups conducting espionage operations. However, the Stryker disruption may signal a shift toward more aggressive actions targeting corporate infrastructure. We reached out to both Stryker and Microsoft for comment but did not hear back by deadline.
Why this is important beyond a company
Major cyber incidents rarely remain isolated. When attackers demonstrate a new method, other groups often study and reuse it. That means techniques used against a corporation today may appear in smaller attacks tomorrow. Small businesses, hospitals, and even individuals sometimes become targets when criminals adapt the same tactics. In other words, this story about a medical technology company also carries a warning for everyday digital life.
The Stryker medical technology logo is seen on its plant at the IDA (Industrial Development Agency) estate, in Carrigtwohill, County Cork, Ireland, March 28, 2025. (REUTERS/Kilcoyne Museum)
How to protect yourself from cyberattacks and device wipe threats
Cyberattacks against corporations reveal weaknesses that can affect anyone using connected devices. A few proactive steps can reduce your risk.
1) Use strong and unique passwords
Never reuse passwords between accounts. If attackers obtain a password, they often try it on many services. Also, consider using a password manager to generate and securely store complex passwords so you don’t need to remember them. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com
2) Enable two-factor authentication
Add a second verification step, such as two-factor authentication (2FA), can stop attackers even if they get your password.
3) Consider a data removal service
Data broker sites collect and sell personal data that criminals can exploit. Deleting that information can reduce your exposure. Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com.
4) Install powerful antivirus software
Reliable antivirus protection helps detect suspicious activity, phishing attempts, and malware before it spreads. Get my picks for the best antivirus protection winners of 2026 for your Windows, Mac, Android, and iOS devices at Cyberguy.com.
5) Back up important files regularly
If a device is wiped or compromised, backups allow you to quickly restore critical data.
Take my quiz: How safe is your online security?
Do you think your devices and data are really protected? Take this quick quiz to see where you stand digitally. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing well and what you need to improve. Take my quiz here: Cyberguy.com.
Kurt’s Key Takeaways
Cyberattacks were once primarily focused on information theft. Today, many attackers try to disrupt systems, delete data, or create chaos. The reported incident involving Stryker shows how hackers can turn everyday administrative tools into powerful weapons. If someone gains access to the right controls, they may not need any traditional malware. For many people, cyber conflict between countries may seem distant. However, the same technology involved in those attacks powers the devices and services we rely on every day. Your phone, laptop, and cloud accounts connect to systems that rely on trust and access permissions. That’s why digital security now requires layers of protection. Strong passwords help. Secure devices help. Being aware of threats also helps. Preparation can make the difference between a quick recovery and a major disruption. If something unexpected happens, the people who recover the fastest are usually those who took some steps to protect themselves in advance.
And that leads to an important question. If your phone, laptop, or cloud account were suddenly wiped tomorrow, would you be ready to recover? Let us know by writing to us at Cyberguy.com.
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
Copyright 2026 CyberGuy.com. All rights reserved.
Kurt “CyberGuy” Knutsson is an award-winning technology journalist with a deep love for technology, gear and devices that improve lives with his contributions to News and News Business since mornings on “News & Friends.” Do you have any technical questions? Get Kurt’s free CyberGuy newsletter, share your voice, a story idea or comment on CyberGuy.com.