The Iranian-linked hacking group Handala claims responsibility for a major cyberattack on the American medical technology company Stryker. The group states it extracted over 50TB of data and wiped more than 200,000 devices, including employee personal devices connected to the company's network via mobile device management (MDM) software.
Stryker confirms a cyberattack disrupted its global network but believes the situation is contained to its Microsoft environment, with no indication of malware or ransomware. Employee reports on Reddit detail devices being wiped and issues with two-factor authentication.
The attack is noted as a significant escalation, representing the first major cyberattack linked to the U.S.-Israel-Iran conflict to directly impact a private company, indicating the digital warfare is expanding internationally.
Main topics: Cyberattack, Iranian hacking group (Handala), data breach and device wiping, impact on Stryker and its employees, mobile device management (MDM) risks, and the conflict's expansion into global cyber warfare.
Iran hacking group claims attack on med-tech company Stryker — says over 200,000 devices have been wiped clean and over 50TB of data extracted
The Iranian-linked hacking group Handala claims that it's behind the attack.
Iranian hacking group Handala claims that it has successfully attacked American medical technology company Stryker, resulting in the extraction of 50TB of data and the wiping of over 200,000 devices connected to the company, including personal devices owned by its employees. The Michigan-based firm is a Fortune 500 company that operates in 61 countries with 56,000 employees, and it serves 150 million patients annually. According to The Register, this would be the first major cyberattack connected to the ongoing U.S.-Israel-Iran war to directly hit a private company.
“We are continuing to resolve the disruption impacting our global network, resulting from the cyber attack (sic),” the company said in a statement. “At this time, there is no indication of malware or ransomware and we believe the situation is contained to our internet Microsoft environment only.”
Stryker Hit by Handala - Intune Managed Devices Wiped from r/cybersecurity
Some Stryker employees from Ireland, Australia, and the U.S. took to Reddit to talk about the attack, with some claiming that their Stryker-managed devices were wiped clean at around 3:30 AM EDT. Other comments suggested that personal devices connected to Stryker’s network have been hit, too, leaving their owners unable to log into their accounts because their two-factor authentication has been wiped from their phones. The company also allegedly told its personnel to remove Microsoft Intune, Microsoft Teams, the company portal, and the VPN from personal devices. Intune is a cloud-based Unified Endpoint Management tool used for managing, securing, updating, and monitoring devices across operating systems, including Windows, macOS, iOS, iPadOS, Android, and Linux.
It’s currently unclear how the hackers were able to breach Stryker’s systems, but the company says that only its internal Microsoft environment has been affected so far. What’s unfortunate, though, is that even the personal devices of employees have been affected through Stryker’s mobile device management (MDM) software. The creator of the O.MG pen testing cable even said on X that they wouldn’t allow companies to install MDM software on personal devices, even when the organization promises that it will not access or erase personal data. In most cases, this is only a policy, and the MDM app still retains these capabilities. So, if a bad actor were to gain control of the management suite, it could have complete and unprecedented access to the users’ personal data, as evidenced by the Stryker breach.
If you use a personal phone/laptop for your work, pay very close attention to this little detail. Iran attackers wipe 200k devices at a company called Stryker. Within those devices appears to be employees PERSONAL devices. The attackers used the company’s MDM software, which… https://t.co/oPcLv5HUAr pic.twitter.com/z5XlsTECbI
March 12, 2026
This marks another escalation in the ongoing war in the Middle East, coming just a day after Iran issued a threat to Nvidia, Microsoft, and other tech companies in the Middle East. However, this is par for the course in any modern conflict, and we’ve already seen cyberattacks targeting civilian infrastructure in other warzones and nearby regions, such as in Ukraine and Eastern Europe. But the fact that Stryker — a U.S. company based nowhere near the Middle East — was hit by this major cyberattack shows that the online part of this conflict is starting to spill out onto the international stage.
Jowi Morales is a tech enthusiast with years of experience working in the industry. He’s been writing with several tech publications since 2021, where he’s been interested in tech hardware and consumer electronics.