US-based medical device maker Stryker Corporation continues to struggle with major operational disruptions more than five days after it was struck by a cyberattack, linked to an Iran-backed hacking group. The company confirmed on March 15, 2026, that its global network and internal Microsoft environment remain compromised. Electronic ordering, supply, and shipping systems are offline, severely hampering customer support and logistics worldwide.
Stryker stated that the breach was limited to its internal Microsoft corporate environment and has not impacted any products. “All Stryker products across our global portfolio, including connected, digital, and life-saving technologies, remain safe to use. This event was contained to Stryker’s internal Microsoft environment, and as a result, it did not affect any of our products—connected or otherwise,” it stated.
“Stryker, much like any Fortune 300 company, has embedded policies and procedures for cybersecurity assurances for our products in the field. This process at Stryker provides additional assurances that no potential vulnerabilities or risk of exploitation related to our connected products exist. Per our standard protocols, we have leveraged this process to confirm that our connected products were not impacted by the incident and remain safe to use,” stated the company.
The firm, which employs 56,000 people across 61 countries, is actively restoring systems, with the goal of a full recovery of core transactional platforms. It is prioritising tools that directly support customers, ordering, and distribution.
In the interim, Stryker has switched to manual processes through sales representatives and distributors while restoring relations with customers and clients.
Geopolitical motive behind cyber risks
The cyberattack was claimed by the Iran-linked group Handala, which stated that it was retaliation for a US military strike on a school in Minab, southern Iran, in late February 2026. The strike had reportedly killed over 100 people, with many of them being children. Cybersecurity analysts have observed destructive tactics used in the attack.
The incident marks one of the first high-profile cyber operations against a major US company amid heightened Middle East tensions involving Iran.
Stryker affirms bringing back its service
“There is nothing more important to us than the customers and patients we serve, and we are grateful for your continued support and partnership,” stated the company. It also promised regular updates as recovery efforts advance.
This Stryker incident arrives as US-Iran tensions escalate following a series of tit-for-tat actions in early 2026. The Minab school strike in February, officially described by the US as a precision operation targeting an IRGC command center embedded in civilian infrastructure, sparked widespread condemnation in Iran and prompted vows of asymmetric retaliation. Handala and affiliated pro-Iran hacker collectives have since intensified targeting of American entities, shifting from defacement and data leaks to disruptive operations against infrastructure and supply chains. Healthcare and critical manufacturing sectors have emerged as prime targets due to their high visibility and potential for real-world impact.