Major Cyberattack Hits Michigan Medtech Giant

PORTAGE, Mich. — Stryker Corporation, one of the world's leading medical technology companies, announced it has returned to fully operational status after a devastating cyberattack last month that wiped out systems across its global manufacturing network.

The Michigan-based Fortune 500 company, which employs more than 53,000 people worldwide, reported a severe cyberattack on March 11, 2026, that disrupted its Microsoft environment and affected order processing, manufacturing operations, and shipping systems.

Iranian Hackers Claim Responsibility

The attack was claimed by Handala, also known as the Handala Hack Team, Hatef, or Hamsa — an Iranian-linked pro-Palestinian hacktivist group that has been targeting Israeli organizations since December 2023.

According to cyber security experts, the group used a new Global Administrator account created after compromising a Windows domain admin account to wipe nearly 80,000 devices early on March 11. The attackers reportedly stole 50 terabytes of data before launching their data-wiping attack.

"The Handala group claimed they had stolen 50 terabytes of data before wiping nearly 80,000 devices early that morning," reported BleepingComputer.

Company Restores Operations

By Wednesday, April 1, Stryker announced that it had restored enough systems to return to pre-attack operational levels and that production would quickly reach full capacity.

"As of this week, we are fully operational across our global manufacturing network. Production is moving rapidly toward peak capacity with discipline and stability, supported by restored commercial, ordering and distribution systems," Stryker stated in an update posted on its website.

The company emphasized that overall product supply remains healthy, with strong availability across most product lines, as it continues to meet customer demand and support patient care.

"Our work continues around the clock in close partnership with third-party cybersecurity experts, relevant government agencies and industry partners as our investigation progresses, reflecting a shared commitment to protecting the healthcare ecosystem and supporting ongoing recovery efforts," the company added.

Malicious File Discovered

Although it was initially believed the attackers hadn't used any malicious tools during the breach, security experts who helped with the investigation found a malicious file that helped the attackers hide malicious activity while inside the company's network.

Stryker also revealed that the investigation is ongoing in partnership with outside cyber experts and government agencies including the FBI, which seized two websites used by the Handala hackers.

Company Background

Stryker Corporation reported global sales of $22.6 billion in 2024. The company makes a wide range of products including neurotechnology and surgical equipment, with products used in hospitals and healthcare facilities worldwide.

The company's headquarters are located in Portage, Michigan, adjacent to Kent County, where the Grand Rapids metropolitan area is located.

Broader Cybersecurity Concerns

The Stryker attack highlights growing cybersecurity concerns for critical infrastructure companies. Following the incident, the Cybersecurity and Infrastructure Security Agency (CISA) and Microsoft released guidance on securing Microsoft Intune and hardening Windows domains to block similar attacks.

The Handala group has been linked to Iran's Ministry of Intelligence and Security and is known for leaking sensitive data stolen from victims' compromised systems. The group has also been accused of overselling its accomplishments in some cases.

Ongoing Investigation

Stryker said it continues to work with outside cybersecurity experts, government agencies and industry partners on its investigation and recovery efforts. The company emphasized that patient care remains its highest priority throughout the process.

"This remains a 24/7 effort and the first priority of our entire organization," Stryker stated.