Stryker, the Michigan-based medical device company, said Wednesday it is experiencing a global network disruption to its Microsoft environment after an iranian cyber attack that coincided with public claims by the hacking persona Handala Team.
Stryker and Iranian Cyber Attack
Stryker said that the disruption was “due to a cyberattack” and added, “We have no indication of ransomware or malware and believe the incident is contained. ” The company also confirmed the outage affected its Microsoft environment worldwide and that its teams were working to understand the impact. The pattern suggests an operational hit on corporate communications rather than a classic ransomware campaign, because Stryker has explicitly ruled out ransomware or malware while describing a global Microsoft outage.
Handala Team Microsoft Intune
Handala Team has claimed responsibility, and cybersecurity analysts have pointed to public evidence that attackers gained access to the company’s Microsoft Intune account and used its remote-wipe capabilities to reset devices to factory settings. Rafe Pilling, director of threat intelligence at Sophos, said the attackers appeared to have obtained access to the Microsoft Intune management console and triggered remote wipes for some or all enrolled devices. The figures point to a method focused on device management controls rather than the deployment of new malware on Stryker networks.
Global Disruption to Stryker Systems
Employees reported work-issued phones stopped working and that calls to Stryker’s Portage, Michigan headquarters encountered a recorded message citing a “building emergency. ” Outages began shortly after midnight on the US East Coast on Wednesday, knocking out Windows-based devices connected to Stryker systems. Handala has also claimed seizure of large amounts of data—50 terabytes—and one social-media claim referenced 200, 000 affected systems; Stryker has not confirmed those figures. The scope of these claims matters because Stryker reported revenues of more than $25bn in 2025 and says its products reach more than 150 million patients annually across 61 countries, which means operational impact at scale could disrupt supply and support chains for healthcare providers.
What remains unresolved is whether Handala’s claims of seizing 50 terabytes of company data can be verified and whether Stryker will publicly confirm any data exfiltration. Specifics of how the hack was conducted are not clear, and Stryker has not confirmed the group’s involvement; those named points are the immediate open questions the public and regulators will watch next.
