Stryker, a major US medical device maker, said it is dealing with a global network disruption after a cyberattack affected parts of its Microsoft environment. The company stated that the incident has been contained, but some systems still face limitations, and the timeline for full restoration remains unclear.
The disruption drew wider attention after the Iran-linked hacking group Handala claimed responsibility. The group said it launched the attack in response to the strike on a school in Minab, Iran. The incident has added to concerns about possible cyber retaliation against US companies as tensions in the region continue.
Stryker said the cyber incident disrupted access to some internal systems and affected its Microsoft environment. The company added that it has found no indication of ransomware or malware so far. However, some services remain limited as restoration efforts continue across its network.
The company operates in 61 countries and employs about 56,000 people, giving the disruption a broad operational impact. Stryker makes medical devices, surgical equipment, hospital beds, and other healthcare products. Its global scale gives the incident added importance because healthcare providers in many markets rely on its systems and services.
Employees and contractors reported issues affecting devices connected to the company’s network. Several accounts described problems involving Windows-based laptops, phones, and remote access tools. Some staff also said the Handala logo appeared on internal login pages, though Stryker has not publicly confirmed that detail.
Calls to the company’s headquarters in Portage, Michigan, reportedly reached a recorded message referring to a building emergency. At the same time, Stryker said the incident appears contained. Still, the company has not said when all affected systems will return to normal.
Handala claimed responsibility for the cyberattack through messages posted on Telegram. The group said it carried out the operation in response to the strike on a girls’ school in Minab in southern Iran. Iranian officials have said the strike killed around 150 students, though independent verification remains limited.
The hacking group also claimed it obtained about 50 terabytes of data from Stryker’s systems. Stryker has not confirmed that claim. As a result, the extent of any possible data exposure remains uncertain.
The group presented the cyberattack as part of a broader response to military action and related cyber operations. Its public message pointed to a more direct connection between geopolitical conflict and disruptive cyber activity. That stance has increased concern among cybersecurity researchers monitoring Iranian-linked actors.
Handala also said it targeted payments company Verifone in the same campaign. Verifone said its services were operating normally and reported no disruption. That response left Stryker as the only confirmed company in this case facing a major outage.
Also Read: Iran Imposes Near-Total Internet Blackout as Protests Escalate and Trump Issues Stark Warning
Cybersecurity experts have warned that Iranian-linked groups may expand disruptive operations against US and allied companies. The risk has grown as regional conflict moves beyond military action and reaches commercial and digital infrastructure. The Stryker incident reflects that concern because it affected a large company with international operations.
Security researchers have linked Handala to earlier hack-and-leak campaigns and disruptive cyber incidents. Some experts believe the group acts in line with Iranian state interests. Those assessments have increased concern that cyberattacks may become a more visible form of retaliation.
The White House said it is monitoring potential cyber threats and coordinating with infrastructure, regulatory, and law enforcement agencies. Federal authorities have not released detailed public findings on the incident. For now, the confirmed facts remain the global disruption, Handala’s claim of responsibility, and Stryker’s statement that it has found no evidence of ransomware or malware.