Medtech Giant Stryker Fully Operational Three Weeks After Iranian-Linked Data-Wiping Cyberattack

Stryker Corporation, one of the world's largest medical technology companies, has restored full operations approximately three weeks after a destructive cyberattack wiped data from many of its systems, the company confirmed to BleepingComputer. The attack was claimed by Handala, an Iranian-linked hacktivist group that has previously targeted Israeli and Western organizations. Handala employs wiper malware designed to irreversibly destroy data on compromised systems rather than encrypt files for ransom, making recovery dependent on backup integrity rather than ransom negotiation. Stryker's recovery timeline of three weeks to reach full operational status is relatively fast for a destructive attack of this nature, suggesting the company's backup and disaster recovery capabilities were able to restore affected systems without significant permanent data loss. The speed of restoration also indicates Stryker had pre-existing incident response procedures that could be activated quickly. Stryker manufactures surgical equipment, implants, and medical devices used in hospitals globally. An extended operational disruption could have had downstream consequences for medical procedures that depend on Stryker supply chains and technical support. The incident is part of a pattern of Iranian-affiliated cyber operations targeting Western companies and infrastructure. The Handala group in particular has been linked to attacks with politically motivated destructive intent rather than financial objectives, a distinction that complicates traditional cyber insurance recovery frameworks. Stryker did not disclose which systems were affected or whether any patient or clinical data was accessed or exfiltrated prior to the wiping. An investigation into the full scope of the breach remains ongoing.