Suspected Iranian-Linked Malware Hits Medical Tech Giant

A major cyberattack has disrupted operations at medical technology giant Stryker, forcing thousands of employees offline at its Cork, Ireland headquarters. The incident began on March 11, 2026, when workers suddenly lost access to corporate networks, internal software, and company communications.

Several devices connected to the network reportedly displayed the symbol of the Handala hacking group, which cybersecurity analysts have previously linked to Iran-aligned cyber operations.

Early reports suggest the attackers deployed wiper malware, a destructive form of cyberattack designed to permanently erase system data rather than demand ransom.

The disruption appears to extend beyond Ireland, with employees in multiple countries reporting system outages across Stryker’s global network. Ireland’s National Cyber Security Centre, along with Stryker’s internal security teams and external experts including Microsoft engineers, are investigating the breach to determine how attackers gained access and how much infrastructure may have been damaged.

In a statement, the company said it is experiencing a “severe, global disruption impacting all Stryker laptops and systems that connect to our network,” adding that teams are working to restore systems and maintain operations.

Why It Matters: This attack exemplifies how cyberattacks on core IT infrastructure can quickly cascade into operational disruption, especially in industries where manufacturing and business systems are tightly integrated. When enterprise networks, endpoints, and identity systems fail simultaneously, the impact extends beyond IT outages to halted production, supply chain delays, and global risk.

• Wiper Malware Signals a Destructive Cyberattack Rather Than a Financially Motivated Breach: Unlike ransomware attacks that encrypt files and demand payment for restoration, wiper malware is designed to permanently destroy data. It can overwrite hard drives, delete operating systems, and erase network records so systems cannot easily recover. Because attackers gain little financial benefit from this type of operation, cybersecurity analysts often associate wiper campaigns with politically motivated cyber warfare or sabotage intended to cause widespread disruption.

• Thousands of Employees Were Abruptly Cut Off From Corporate Systems Across Multiple Countries: Approximately 5,500 Stryker employees in Ireland, including nearly 4,000 in Cork, were affected when internal networks went offline. Workers reported that corporate laptops, mobile phones tied to company email accounts, and internal software tools stopped functioning within minutes. Some devices reportedly displayed the Handala logo before their data was wiped. Suggesting attackers had already gained deep access to internal systems. Staff in the United States, Australia, India, and other locations also reported outages, indicating the disruption may have spread across Stryker’s global infrastructure.

• Manufacturing, Engineering, and Product Development Systems Were Impacted: The outage disrupted software used for product design, manufacturing coordination, testing systems, and supply chain management. Even when factory machinery itself remains operational, modern medical device production relies heavily on connected digital systems. If engineers lose access to design files, quality-control software, or production scheduling tools, manufacturing can slow significantly or halt altogether.

• Suspected Involvement of the Iranian-Linked Handala Hacker Group Raises Geopolitical Concerns: Investigators believe the attack may be connected to Handala Hack, a group analysts have linked to Iran-aligned cyber networks. The group has previously targeted Israeli organizations and regional infrastructure and reportedly claimed responsibility the same day for hacking the website of Israel’s Academy of the Hebrew Language. If confirmed, the Stryker breach could represent an example of geopolitical cyber conflict extending into corporate infrastructure.

• Cork Is a Critical Manufacturing Hub for Stryker’s Global Operations: The city represents Stryker’s largest base outside the United States, hosting six major manufacturing and research facilities that produce orthopedic implants and surgical technologies used worldwide. Since establishing its first Cork site in 1998, the Michigan-based company has expanded to employ more than 5,000 people across Ireland. Because these facilities rely heavily on digital production systems, prolonged outages could slow manufacturing output and affect international medical device supply chains.

Go Deeper -> Stryker Cyber Attack: Did Iranian-linked hackers use wiper malware to shut down Cork systems and disrupt global medical device production? 4,000 workers offline in suspected wiper attack – The Economic Times

Cork Stryker plants hit by suspected global Iranian-linked cyberattack – CorkBeo