Unmasking the Cyber Threat: How Iran-Backed Hackers Targeted Medtech Leader Stryker with a Wiper Attack

Admin

A hacktivist group with ties to Iran’s intelligence agencies has taken credit for a major attack on Stryker, a Michigan-based medical technology company. Reports indicate that Stryker’s largest facility outside the U.S., located in Ireland, has sent home more than 5,000 employees due to the incident. At the same time, its U.S. headquarters has declared a building emergency.

Stryker, which reported $25 billion in sales last year, is known for its medical and surgical equipment. The Iranian group, Handala, claims to have wiped data from over 200,000 devices across Stryker’s operations in 79 countries. In a statement posted on Telegram, they declared that the stolen data is now in “the hands of free people,” suggesting a motive tied to a recent tragedy in Iran.

The group’s attack was reportedly in retaliation for a missile strike that killed 175 people, mostly children, at an Iranian school. The New York Times has linked the strike to a military investigation that finds the U.S. responsible.

According to experts, Handala is part of a broader wave of Iranian cyberattacks. Palo Alto Networks recently highlighted their increasing prominence, noting they emerged in late 2023 and are connected to Iran’s Ministry of Intelligence and Security (MOIS). The group’s activities have predominantly targeted Israel but are expanding in scope.

Stryker has approximately 56,000 employees across 61 countries. Communication among Stryker staff has turned to WhatsApp, as traditional networks are down. Some employees reported that their devices were wiped, particularly those using Microsoft Outlook.

What’s notable about this attack is how it might have been executed. Sources indicate that Handala may have used Microsoft Intune to issue a “remote wipe” command to all connected devices directly. Intune is a device-management service that IT teams use to administer and secure endpoints, so its reported use here raises questions about how access to such administrative tools is protected.

Palo Alto described Handala’s tactics as opportunistic, with a focus on quickly gaining access to supply chains. This shift in tactics could make them a formidable threat. Notably, Stryker’s products are crucial for healthcare providers across the U.S., making this a potential supply chain crisis.

While the American Hospital Association (AHA) is working to assess any disruptions to hospital operations, initial reports suggest there have been no impacts on U.S. hospitals yet. A spokesperson, John Riggi, noted that the AHA is in continuous communication with healthcare facilities to monitor the situation closely.

As this story develops, the implications for Stryker’s operations, and potentially for the broader healthcare supply chain, can’t be overstated. The connected nature of its devices and the critical role they play in surgeries mean hospitals must be vigilant about cybersecurity moving forward.

For more details, you can refer to The New York Times, which covers the military investigation into the missile strike, and Palo Alto Networks for additional insights into cyber threats emerging from Iran.


