158/69 Thursday, March 19, 2026
U.S.-based medical technology company Stryker Corporation has disclosed a cyberattack targeting its internal Microsoft-based systems, resulting in remote data wiping across numerous employee devices without evidence of malware deployment. The company stated that its medical devices and customer-facing products remain unaffected, although its electronic ordering systems are currently unavailable, requiring customers to place orders through sales representatives during the disruption.
The hacker group Handala has claimed responsibility for the attack, alleging that it deleted data from multiple servers and devices and may have exfiltrated up to 50 terabytes of internal data. The group is believed to have links to Iran-aligned threat actors and has a history of conducting phishing attacks, data exfiltration, and destructive wiper operations aimed at causing both operational and psychological impact on organizations.
Preliminary analysis indicates that the attackers compromised administrative accounts, created new Global Administrator accounts, and leveraged Microsoft Intune to issue remote wipe commands across a large number of devices within a short timeframe. Notably, this was not a ransomware attack, and no malware was found on affected systems. The investigation is currently being conducted by the Microsoft Detection and Response Team in collaboration with Unit 42. Stryker confirmed that the incident is contained within internal systems and does not impact external customer-facing services or products.