Iran hackers claim cyberattack at US medtech firm

News
Stryker

The consequences of the US-Israel war in Iran have spilled over into the medtech sector, with a cyberattack launched against prominent US company Stryker.

An Iranian hacker group has claimed responsibility for the attack, which Michigan-headquartered Stryker said resulted in a "global disruption" to its Microsoft environment but is now believed to be contained.

The hacker group calling itself Handala says the attack was in response to the bombing of the Minab school in Iran, now believed to have been the result of a Tomahawk missile strike from US forces, that the Iranian government says killed 168 people, including 110 children.

While cyberattacks against corporations are not uncommon, this incident is remarkable because there was no attempt at extortion, with the motive seemingly to cause as much disruption and damage as possible.

Pharma and medtech companies are viewed as prime targets for extortive cyberattacks, as they typically have high-value intellectual property and operate in highly competitive sectors, and often have vulnerable, legacy IT systems in place, according to cybersecurity specialist Hornet.

The Stryker incident suggests that with geopolitical tensions and chaos rising around the world, companies and healthcare systems will have to exert ever more strenuous efforts to shore up their defences as national actors ramp up 'shadow war' activities in the digital realm with destructive attacks.

Stryker, a major player with sales of more than $25 billion in 2025, said in a financial filing (PDF) that the cyberattack "has caused, and is expected to continue to cause, disruptions and limitations of access to certain of the company's information systems and business applications supporting aspects of the company's operations and corporate function."

The medtech company has not given a timeline for normal operations to resume, and has seen its shares weaken by around 5% on investor fears of long-term effects that have plagued some other corporations hit by cyberattacks, such as UK retailer Marks & Spencer, which was forced to shut down its online business last year for several weeks at an estimated cost of around $400 million.

"The full scope, nature and impacts, including operational and financial impacts, of the incident are not yet known," it said. "Accordingly, the company has not yet determined whether the incident is reasonably likely to have a material impact."

Earlier this month, cybersecurity company Sophos reported that its analysts were seeing "an elevated volume of Iranian hacktivist chatter across Telegram, X, and underground forums," in response to the military strikes by Israel and the US.

"Historically, many pro-Iran hacktivist attacks have had low sophistication and limited success," it added, whilst warning that "Iranian state-sponsored groups may conduct high-sophistication retaliatory attacks."

Market Access
12 questions with: Daniel Kohlstaedt

12 questions with: Daniel Kohlstaedt

Daniel Kohlstaedt, managing director of PurpleLeaf Strategy, with more than 18 years of experience in pharma, talks about his journey through the industry.