Medical technology maker Stryker Corp., hit by a crippling cyberattack linked to a pro-Iran group, is still investigating the breach and doesn’t know when its systems will be back online.
The company said in a regulatory filing Wednesday afternoon that it expects the breach to continue disrupting operations and “the timeline for a full restoration is not yet known.” In an earlier memo seen by Bloomberg News, the company acknowledged that the attack had pummeled its network.
A pro-Iranian digital activist group, Handala, has claimed responsibility for the hack, potentially marking the first known major cyber disruption of an American organization since joint US-Israeli strikes against Iran. Neither the company nor any cybersecurity agency has confirmed that an Iranian group was behind the incident.
Many Stryker employees around the world were unable to work, so they were sent home from offices and told to avoid connecting to any Stryker networks or software through any device, according to a person familiar with the situation.
Some employees have also seen data on their devices wiped as a result of the attack, said the person, who asked not to be identified because they weren’t authorized to speak publicly about the matter.
Shares of Stryker fell 3.6% to $345.78 in New York on Wednesday on news of the breach.
A company spokesperson said in an earlier statement that the cyberattack caused a “global network disruption to our Microsoft environment.”
“We have no indication of ransomware or malware and believe the incident is contained,” the spokesperson said. “Our teams are working rapidly to understand the impact of the attack on our systems. Stryker has business continuity measures in place to continue to support our customers and partners.”
Neither the FBI nor the US Cybersecurity and Infrastructure Security Agency responded to requests for comment.
The Trump administration proactively monitors for potential cyber threats, and regulators and law enforcement entities are available for any response measures, according to a White House official who asked not to be identified and didn’t specifically address Stryker’s case.
Stryker manufactures a wide range of medical devices and equipment with a focus on orthopedics, surgical tools, neurotechnology and spinal products. Its lineup includes emergency services and intensive-care disposable equipment, according to the company’s website. Most of its products are marketed directly to doctors, hospitals and other health-care facilities and are available in more than 61 countries, according to the company’s filings.
Stryker generates about $25 billion in revenue annually and has a market valuation of about $132 billion.
Handala claimed responsibility for the attack in a statement posted online Wednesday. The group portrayed its alleged actions as retaliation for a suspected US bombing of an Iranian school and threatened a “new chapter in cyber warfare.”
“Critical health care infrastructure represents a high-value, high-impact target: Disruption doesn’t just mean data loss, it can mean patient safety,” said Sergey Shykevich, threat intelligence group manager at the Israeli cybersecurity firm Check Point Software Technologies Ltd.
The attack unfolded dramatically beginning around midnight US Eastern time, when workers saw systems go down in front of them one at a time. Once they realized what was happening, employees scrambled to unplug some machines in order to save data, according to the person. The effort was frantic and had mixed results. In some offices, as many as 95% of the computers and devices have been wiped, the person said.
In the operation, more than 200,000 systems, servers and mobile devices were wiped and 50 terabytes of data were extracted, Iran’s semiofficial Tasnim news agency reported. Bloomberg News hasn’t independently verified those claims.
Handala suggested it had attacked Stryker because it had connections to Israel. In 2019, Stryker acquired the Israeli company OrthoSpace. Stryker has also previously worked with the US military: Last year, it won a $450 million contract to supply medical devices to the US Department of Defense.
Photo: Photographer: Chris Ratcliffe/Bloomberg
Copyright 2026 Bloomberg.
Topics
Cyber
Interested in Cyber?
Get automatic alerts for this topic.
