Stryker (SYK) Stock Plunges Nearly 4% Following Major Cyberattack Linked to Iranian Hackers

TLDR

• Iranian-affiliated hacker collective Handala took credit for a March 11, 2026 cyberattack targeting Stryker
• The medical device company experienced widespread network outages affecting critical systems and applications
• Handala asserts it destroyed data on 200,000+ devices and stole 50TB of information, framing it as revenge for a school attack in Minab, Iran
• Stryker maintains no ransomware or malware was found and considers the breach contained
• Shares of SYK tumbled 3.6% Wednesday after the attack became public

A devastating cyberattack crippled portions of Stryker’s worldwide infrastructure on March 11, causing the Michigan-headquartered medical technology company’s shares to slide 3.6%.

US medical technology maker Stryker was hacked in an attack that’s crippled the company’s global operations, according to a person familiar with the matter and a memo seen by Bloomberg News https://t.co/2T0FsKctf0

— Bloomberg (@business) March 11, 2026

In an SEC disclosure, the corporation revealed the intrusion severed access to certain data systems and operational applications. No specific recovery timeframe was provided.

Stryker Corporation, SYK

Company personnel and external workers shared on social platforms that an Iranian hacking collective’s branding materialized on corporate login screens. Phone calls to the firm’s Portage, Michigan main office were greeted with an automated message stating the organization was “currently experiencing a building emergency.”

The company emphasized that investigators discovered no ransomware or malicious software and maintains the security incident has been isolated. However, the breach’s reach was substantial enough to impact operations at its Cork, Ireland manufacturing site — home to over 4,000 workers — along with locations in Limerick and Belfast.

The Iran-associated hacking collective Handala announced their involvement through Telegram and X social media channels. The organization positioned the assault as payback for an airstrike targeting the Minab girls’ school in southern Iran, where Iranian authorities report approximately 150 students perished on day one of coordinated U.S.-Israeli bombardments against Iran starting February 28. Reuters has been unable to independently confirm this casualty count.

Handala’s statement alleges they erased data from over 200,000 computing systems, servers, and mobile endpoints, while exfiltrating 50TB of proprietary information. The group further asserted that Stryker locations spanning 79 nations were compelled to cease operations. These particular allegations remain unverified by Stryker.

What Happened on the Ground

According to The Wall Street Journal’s reporting, system failures commenced shortly after midnight U.S. Eastern time Wednesday, cascading internationally thereafter. Remote Windows-based equipment — encompassing laptops and smartphones linked to Stryker’s infrastructure — experienced complete data erasure.

Cynthia Kaiser, a former senior FBI cyber official now at Halcyon, said: “This is exactly the type of attack we have been worried about: Iranian proxies using destructive cyber attacks like data deletion against U.S. companies to retaliate.”

Handala has an established history of malicious activity. Israeli cybersecurity company Check Point released research Tuesday documenting the collective’s involvement in numerous breach-and-exposure campaigns alongside destructive operations centered on information annihilation.

Check Point’s Chief of Staff Gil Messing said the group operates under Iran’s Ministry of Intelligence and called them “the most notorious group affiliated with the Iranian regime.” He said publicly claiming the attack signals “a new phase in Iran’s motivations.”

White House and Verifone

The White House said the Trump administration is “proactively monitoring potential cyber threats” and coordinating with critical infrastructure and law enforcement agencies. The FBI and CISA did not respond to requests for comment.

In the aftermath of the Stryker incident, Handala additionally announced an attack against Israeli financial technology firm Verifone. Verifone refuted these assertions, stating investigators located no indicators of compromise and customer services remained uninterrupted.

Ken Sheehan, director of operations at Smarttech247, observed that Handala primarily leverages phishing tactics and recommended organizations enhance cybersecurity training initiatives.

Stryker maintains a workforce of approximately 56,000 employees distributed across 61 nations and generated over $25 billion in revenue during the previous fiscal year.