Who Is Behind the Cyber Attack on Stryker Cork? Iran-Linked Handala Group Suspected

A major cyberattack has disrupted operations at global medical technology company Stryker, particularly affecting its large manufacturing and innovation hub in Cork, Ireland. The attack forced thousands of employees offline and caused widespread IT outages across the company’s global network. Early investigations suggest that an Iran-linked hacking group known as “Handala” may be behind the incident, though officials say the attribution is still being examined.

What Happened at Stryker’s Cork Facility

Stryker operates one of its largest international hubs in Cork, employing nearly 4,000 workers in the region and about 5,500 across Ireland. When the cyberattack struck, employees suddenly lost access to laptops, internal systems, and network-connected devices. The disruption spread rapidly, impacting operations worldwide.

Reports indicate that many systems were shut down or wiped, forcing staff to disconnect devices and halt certain manufacturing and administrative processes while cybersecurity teams investigated the breach.

Suspected Hacker Group: Handala

Cybersecurity analysts and Irish media reports suggest the attack may be linked to a hacktivist group called Handala, which is believed to have connections with Iranian interests. During the incident, some Stryker login pages reportedly displayed the Handala logo, a sign often used by the group in previous cyber operations.

The group has previously targeted organizations connected to Western governments and businesses. Experts believe the attack may be politically motivated, possibly linked to broader geopolitical tensions involving Iran and Western nations.

Use of “Wiper Malware”

Unlike ransomware attacks that demand payment, the Stryker incident is believed to involve “wiper malware.” This type of malicious software permanently deletes or corrupts data on infected systems.

Wiper attacks are considered particularly destructive because they aim to disrupt operations rather than extract money, often indicating political or strategic motives.

Impact on Operations and Employees

The cyberattack triggered a global IT outage, affecting internal communications, manufacturing systems, and employee devices. Some reports suggest workers were instructed to disconnect laptops and remove company profiles from mobile phones while the company worked with cybersecurity experts to restore systems.

The disruption could affect the production of Stryker’s medical equipment, which is widely used in hospitals and surgical procedures around the world.

Investigation Still Underway

Stryker has confirmed the cyber incident but has not officially attributed the attack to any specific group. National cybersecurity authorities in Ireland and the company’s internal security teams are investigating the breach to determine its origin and full impact.

For now, the company says its priority is restoring operations and ensuring that healthcare providers relying on its products continue to receive support.