Stryker Corporation, a leading medical technology company, disclosed on Wednesday that it suffered a cyberattack, causing widespread disruption to its Microsoft environment worldwide. The company stated there is no evidence of ransomware or malware and believes the incident is contained, with teams actively assessing the full scope of the impact.

The self-described Iran-backed hacker group Handala claimed responsibility for the assault, labeling it a wiper attack that erased data from more than 200,000 systems, servers, and mobile devices at Stryker offices in 79 countries. Handala asserted the operation also involved extracting substantial data volumes and was executed via remote wipe commands through Microsoft Intune. The group framed the attack as retaliation for a U.S. missile strike on February 28 that hit a school in Minab, Iran, killing at least 175 people, mostly children, and accused Stryker of ties to Israel through a 2019 acquisition.

Stryker, which employs about 56,000 people across 61 countries and generated $25 billion in sales last year, activated business continuity plans to maintain support for customers and partners. However, the attack forced shutdowns at multiple sites, including its European headquarters in Cork, Ireland, where around 5,500 workers—4,000 in Cork—are based; support, administrative, and engineering staff were sent home, with personal devices including Outlook wiped and communication shifting to WhatsApp. Manufacturing at Cork facilities continued on some machines, though sustainability remained unclear.

The incident rippled into financial markets, with Stryker shares dropping 3.4% to around $345 during trading on Wednesday. In healthcare, the attack has begun affecting orders for surgical supplies at some U.S. medical systems, given Stryker's role as a key supplier to hospitals nationwide, though the American Hospital Association reported no direct disruptions to patient care as of late afternoon.

Handala, assessed by cybersecurity firms as affiliated with Iran's Ministry of Intelligence and Security and operating under personas like Void Manticore, emerged around late 2023 with a focus on Israel through hack-and-leak operations. It has claimed prior strikes on Jordanian fuel systems and an Israeli energy firm, often exploiting supply-chain vulnerabilities. Experts described the Stryker breach as a significant escalation, marking a rare, destructive supply-chain hit on healthcare infrastructure.

Ireland's National Cyber Security Centre was notified, and U.S. authorities, including the FBI and CISA, received inquiries but had not commented publicly by Wednesday evening. Stryker pledged ongoing transparency as it works to restore operations.