Pro-Iran hackers hit US medical device giant Stryker in shocking cyberattack after Israel strikes

A suspected cyberattack linked to pro-Iranian hackers has shaken the global healthcare technology sector after targeting Stryker Corporation, one of the world’s largest manufacturers of medical devices used in hospitals and operating rooms. A company statement reported the attack on the major US medical device maker, as it disrupted the company’s internal systems and wiped access to thousands of corporate devices worldwide.

Investigators believe the intrusion may be connected to escalating geopolitical tensions between Iran, Israel and the United States, raising concerns that cyber warfare is becoming an increasingly common tool in modern conflicts. Cybersecurity experts warn the incident could represent a worrying shift: healthcare companies and critical medical supply chains may now be strategic targets in global cyber conflicts.

What happened in the Stryker cyberattack?

The cyberattack triggered a global systems outage across Stryker’s network infrastructure, disrupting access to internal systems for employees and contractors. Reports indicate that remote devices running Microsoft Windows, such as laptops and smartphones connected to company networks, were suddenly wiped or disabled.




Employees reportedly noticed the emblem of “Handala,” a pro-Palestinian hacker group believed by several cybersecurity firms to have links to Iran, appearing on login pages across affected systems. While Stryker said it found no evidence of ransomware or malware, the company confirmed it was dealing with a “global network disruption” linked to the cyberattack and was working with cybersecurity specialists to assess the damage.

The company, headquartered in Michigan, employs about 56,000 people worldwide and reported more than $25 billion in revenue in 2025, producing equipment ranging from orthopedic implants to robotic surgical systems. Since its technologies are widely used in hospitals and surgical centers around the world, the attack immediately raised alarms across the healthcare industry.

Why would pro-Iranian hackers target a medical device company?

Experts say healthcare manufacturers represent an extremely sensitive point in the global health system. According to cybersecurity analysts, disrupting companies that supply hospitals with surgical tools, implants and critical equipment can have ripple effects across healthcare systems worldwide.

Dr Jeff Tully, a medical cybersecurity specialist and Associate Clinical Professor, University of California San Diego School of Medicine; Co-Director, UC San Diego Center for Healthcare Cybersecurity, has repeatedly warned that healthcare infrastructure is becoming increasingly attractive to cyber attackers. He has argued that modern hospitals rely heavily on interconnected technology and medical devices, creating new vulnerabilities if security systems fail.

“Healthcare networks and medical devices are part of critical infrastructure,” Tully has said in discussions on medical cybersecurity. When compromised, disruptions can quickly affect patient care. Dr Tully is a leading researcher in medical cybersecurity and hospital infrastructure protection. His work focuses on vulnerabilities in connected healthcare systems and the risks posed by cyberattacks on medical devices and emergency services.

Another reason healthcare companies are attractive targets is the value of healthcare data. Patient records and medical systems contain sensitive personal and financial information, making them highly valuable on black markets.

A new front in the Iran vs US–Israel conflict?

Many analysts see the cyberattack as a part of a broader cyber dimension of the geopolitical confrontation involving Iran, Israel and the United States. Experts have long warned that military conflict often spills into cyberspace. According to cybersecurity researchers, Iranian-aligned hacking groups frequently operate through proxy “hacktivist” networks rather than directly claiming responsibility for attacks.

These groups target organisations linked to countries perceived as adversaries or supporters of opposing geopolitical blocs. The suspected involvement of the Handala hacker group fits this pattern. The group has previously claimed cyberattacks against Israeli organisations and entities across the Gulf region.

Cybersecurity analysts say that such attacks allow governments or affiliated actors to send political messages without escalating to direct military confrontation.

The rise of cyber warfare

The attack highlights the growing role of cyber operations in modern geopolitics. Cyber warfare is no longer limited to espionage or data theft. Increasingly, it involves disruptive attacks on infrastructure, including energy systems, transportation networks and healthcare services.

Iran has previously been accused of large-scale cyber operations targeting global infrastructure. One notable example was Operation Cleaver, a campaign that reportedly targeted dozens of critical infrastructure organizations worldwide, including hospitals, airports, and energy companies.




Meanwhile, cyber operations have also been used by Western governments. The famous Stuxnet malware, believed to have been developed by the United States and Israel, was used to sabotage Iran’s nuclear program more than a decade ago. These incidents demonstrate how cyber operations have become an established tool of geopolitical competition.

Why healthcare systems are vulnerable to cyber attacks

Healthcare infrastructure presents unique cybersecurity challenges. Modern hospitals rely on thousands of interconnected devices, from imaging machines and robotic surgical tools to wearable monitors and smart infusion pumps. Researchers warn that these Internet-connected medical devices create new security vulnerabilities.

One study on medical device cybersecurity found that attackers can manipulate connected healthcare systems by injecting false data, altering device settings, or disrupting their operation entirely. Another analysis of medical imaging equipment found that cyber intrusions could potentially tamper with diagnostic machines or disable them during critical medical procedures.

Cybersecurity specialists refer to these attacks as “medical device hijacking” or “medjack” in which hackers exploit vulnerabilities in connected hospital devices to gain access to broader networks. Such attacks could theoretically affect everything from hospital imaging systems to life-support equipment.

Hospitals are already under cyber threat

Cyberattacks on healthcare institutions are not new. In 2017, the WannaCry ransomware attack crippled hospitals and healthcare systems around the world, including Britain’s National Health Service. Hospitals were forced to cancel surgeries, divert ambulances, and revert to paper records after computer systems became inaccessible.




Another example occurred in 2021 when a ransomware attack shut down IT systems across New Zealand’s Waikato District Health Board, severely disrupting hospital operations for weeks. These incidents demonstrate the real-world consequences of cyberattacks on healthcare infrastructure.

Could patient care be affected by cyber attacks?

So far, there is no evidence that the Stryker cyberattack directly disrupted hospital operations. However, experts warn that attacks on medical technology manufacturers can still have major downstream effects. Since companies like Stryker supply equipment used in surgeries, orthopedics and medical imaging, disruptions to their operations could potentially affect:

• Device maintenance and updates
• Software patches and cybersecurity fixes
• Supply chains for surgical tools and implants
• Technical support for hospitals

Cybersecurity researchers say that such disruptions could ultimately affect patient care if not quickly resolved.

Experts warn of growing cyber risk

Cybersecurity experts believe the attack may signal a broader shift toward cyber conflict targeting healthcare infrastructure. Analysts warn that geopolitical tensions could encourage hackers to target industries that are both economically significant and symbolically powerful. Healthcare fits both categories.

John Hultquist, Chief Analyst, Google Threat Intelligence Group (formerly Mandiant Intelligence) had said, “State-aligned cyber actors often operate through proxy groups and hacktivists to conduct disruptive attacks while maintaining plausible deniability.” His statement comes from recent threat intelligence analyses by the Google Threat Intelligence Group on state-aligned cyber actors. Hultquist is one of the world’s most cited analysts on nation-state cyber operations, particularly those linked to Iran, Russia and China.

His research frequently examines how geopolitical conflicts spill into cyberspace. His observations about state-aligned hackers operating through proxy or hacktivist groups are based on ongoing intelligence assessments published by cybersecurity firms and government reports over the past decade, especially 2018–2025 threat intelligence briefings on Iranian cyber operations. Threat intelligence analyses consistently describe how nation-state actors use loosely affiliated hacktivist groups to maintain plausible deniability, a strategy widely documented in cyber conflict research.

As per Kevin Fu, Professor of Electrical and Computer Engineering and Director of the Archimedes Center for Medical Device Security

Organisation: Northeastern University, “Medical devices and hospital technology are part of critical infrastructure, and vulnerabilities in these systems could have serious safety implications for patients.” This attributes to the ongoing research and regulatory discussions on medical device cybersecurity during the late 2010s and early 2020s.

Fu is one of the most prominent experts on medical device cybersecurity, advising governments and regulators on how to protect connected healthcare technology from cyber threats. He has made similar warnings repeatedly in policy discussions, FDA advisory roles and academic work since roughly 2018 onward, especially regarding medical device cybersecurity risks. His research and policy commentary emphasise that medical devices are part of critical infrastructure and must be protected from cyber threats, a concern echoed in healthcare cybersecurity research and regulatory discussions.

Experts also warn that medical device manufacturers may not always prioritise cybersecurity to the same degree as other sectors such as finance or defence. Connected medical technologies are often designed primarily for clinical performance rather than cybersecurity resilience, leaving potential vulnerabilities.

The future of cybersecurity in healthcare

The attack on Stryker could accelerate efforts to strengthen cybersecurity across the healthcare sector. Governments and regulatory bodies have increasingly pushed medical device manufacturers to incorporate stronger security measures.

These include:

• Mandatory cybersecurity testing for medical devices
• Continuous software updates and patching
• Segmentation of hospital networks
• Real-time threat monitoring systems

Experts say that protecting healthcare infrastructure requires cooperation between governments, technology companies, hospitals and cybersecurity firms.

Cyber conflict is becoming the “invisible battlefield”

Perhaps the most important takeaway from the incident is how cyber warfare is reshaping modern conflict. Unlike traditional military attacks, cyber operations can strike targets thousands of miles away, often without clear attribution. This makes them a powerful tool for states and politically motivated groups seeking to disrupt adversaries without triggering full-scale war.

In the case of the suspected Iranian-linked cyberattack on Stryker, experts say the incident illustrates how critical civilian industries, especially healthcare, are increasingly caught in the crossfire of geopolitical cyber conflict. As tensions continue to simmer across the Middle East and beyond, cybersecurity analysts warn that incidents like this may become more common.

For the healthcare industry, the clear message is that protecting hospitals and medical technology from cyber threats is no longer just a technical challenge, it is now a matter of global security.