Stryker Tells Customers Manufacturing Systems Restored

Stryker Tells Customers Manufacturing Systems Restored Device Maker Is Still Investigating March 11 Attack Claimed by Iranian Hacktivists Marianne Kolbasuk McGee (HealthInfoSec) • April 3, 2026     Credit Eligible Get Permission Medical technology maker Stryker says its global manufacturing operations are restored following a March 11 cyberattack claimed by Iranian hackers. (Image: Stryker) Medical technology maker Stryker said it has restored its systems and is operational across its global manufacturing network three weeks after a wiper attack by Iranian hacktivist group Handala led to a worldwide outage at the company. See Also: Gen AI Stalls, Shadow AI Rises: A CISO Concern The March 11 attack caused thousands of mobile devices to be wiped, and some log-in screens replaced with the Handala logo. Handala, widely suspected of being a hacktivist front for Iran's Ministry of Intelligence, boasted that it permanently deleted more than 12 petabytes of Stryker data and stole 50 terabytes of data. (see: Medtech Firm Stryker Disrupted by Pro-Iran Hackers). The attack, in which the hackers broke into the medical device maker's Active Directory, led to a disruption in IT systems supporting electronic ordering, shipping and other vital company operations (see: Health Sector Braces for Stryker Hack Supply Chain Shock). Stryker told customers in an update Wednesday that its manufacturing production "is moving rapidly toward peak capacity with discipline and stability, supported by restored commercial, ordering and distribution systems." "Overall product supply remains healthy, with strong availability across most product lines, as we continue to meet customer demand and support patient care," the Michigan-based company said. In the meantime, Stryker said it continues to work "around the clock" in close partnership with third‑party cybersecurity experts, government agencies and industry partners as the investigation into the incident progresses, "reflecting a shared commitment to protecting the healthcare ecosystem and supporting ongoing recovery efforts." The company, in an update on March 23, said the incident had been contained. In the early days responding to the incident, Stryker said the attack did not involve ransomware or malware (see: Stryker: Cyber Incident Contained, Restoration Continues). But during the investigation conducted with Palo Alto Networks Unit 42 into the incident, experts identified that the threat actors used a malicious file to run commands that allowed them to hide their activity while in the company's IT systems, Stryker said. But the file was not capable of spreading - either inside or outside of the company's environment, he said. About a week after the attack on Stryker, the U.S. Department of Justice said the FBI seized web domains associated with Handala after the gang posted documents and screenshots it said came from inside Stryker's IT systems (see: FBI Seizes Iranian Online Leak Sites After Stryker Hack). Stryker is among the top global manufacturers of medical devices, earning $22.6 billion in sales in 2024, producing equipment that spans robotic surgery systems to hospital beds.