Stryker’s Cork Operations Hit by Suspected Iranian-Linked Cyberattack

Thousands of Stryker employees in Cork have been affected by a major global cyberattack on the US medical technology giant, with systems shut down and employee devices wiped in what cybersecurity experts believe is the work of an Iranian-linked hacking group.

The attack, which struck on Wednesday, 11 March, is understood to be a "wiper" attack, a particularly destructive form of cyber assault in which data is permanently erased from targeted systems. Unlike ransomware attacks, where hackers seek payment, wiper attacks are typically politically motivated and designed to cause maximum disruption.

Multiple sources have confirmed that Stryker's internal login and administration pages have been defaced with the logo of Handala, a hacktivist group linked to Iran's Ministry of Intelligence and Security (MOIS). Employees across Ireland, the US, Australia, and India have reported widespread system outages, with many unable to access their accounts after having their device data wiped.

The National Cyber Security Centre (NCSC) in Dublin has been informed of the incident and is understood to be responding.

Cork is Stryker's largest hub outside the United States. The Michigan-based company operates six manufacturing facilities and three innovation centres in Ireland, with locations in Cork, Belfast, and Limerick. Of Stryker's 5,500 Irish employees, approximately 4,000 are based in Cork, where the company has operated since 1998.

The shutdown is reported to be having a detrimental financial impact on the company, as it has effectively disabled the technology used to manufacture Stryker's range of medical products and devices. Some manufacturing machines in Cork are understood to still be in operation, though it is unclear how long they can continue without wider system support.

One cybersecurity expert said:

"This is a global IT outage in Stryker and is being assessed as highly likely a security incident. The likely threat actor is Handala, which is linked to the Iranian regime."

The expert said the regime appeared to be widening its economic warfare beyond its closure of the Strait of Hormuz to include cyber attacks in the Middle East and beyond.

Handala, which takes its name from a cartoon character symbolising Palestinian resistance, has been one of the most active Iranian-aligned hacking groups since the US and Israeli strikes on Iran on 28 February. The group has previously claimed responsibility for attacks on Israeli healthcare networks, government infrastructure, and the devices of senior Israeli politicians.

On the same day as the Stryker attack, hackers also disabled the website of Israel's Academy of the Hebrew Language, replacing it with a message illustrated with the Handala character, though the hacking group itself has not publicly claimed responsibility for that incident.

This is the second cyber incident to affect Stryker in 2026. In February, a separate ransomware group known as 0APT claimed to have breached Stryker's systems, threatening to release sensitive data including medical implant designs and robotic surgery source code.

Stryker has not yet issued a public statement on today's incident.