## Stryker Hit by Alleged Iran-Backed Cyberattack **Stryker**, a medical and surgical equipment manufacturer with $25 billion in global sales last year, is reportedly grappling with a major cyberattack. News reports from Ireland, where Stryker has a large presence, indicate that over 5,000 employees were sent home. A voicemail message at Stryker's U.S. headquarters cited a "building emergency." ## Handala Claims Responsibility A hacktivist group known as **Handala** (also known as Handala Hack Team) has claimed responsibility for the attack in a statement posted on Telegram. The group alleges that Stryker's offices across 79 countries were forced to shut down after data was erased from over 200,000 systems, servers, and mobile devices.  The statement reads in part, "All the acquired data is now in the hands of the free people of the world, ready to be used for the true advancement of humanity and the exposure of injustice and corruption." Handala claims the attack was retaliation for a February 28 missile strike that hit an Iranian school. **The New York Times** reports that a military investigation has determined the United States was responsible for the strike. ## Ties to Iranian Intelligence **Palo Alto Networks** has previously profiled Handala, linking the group to Iran's **Ministry of Intelligence and Security** (MOIS). Palo Alto states that Handala emerged in late 2023 and is believed to be one of several online personas managed by Void Manticore, a MOIS-affiliated actor. ## Remote Wipe via Microsoft Intune? While wiper attacks typically involve malicious software, a source familiar with the incident suggests that the attackers may have exploited **Microsoft Intune** to issue a remote wipe command against connected devices. Microsoft Intune is a cloud-based solution used by IT teams to enforce security and compliance policies. This theory is supported by discussions on Reddit, where users claiming to be Stryker employees reported being instructed to uninstall Intune. ## Impact on Healthcare Supply Chain The attack on Stryker, a major supplier of medical devices, is already impacting healthcare providers. A healthcare professional at a major U.S. university medical system reported difficulties ordering surgical supplies normally sourced through Stryker. "This is a real-world supply chain attack," the expert said. "Pretty much every hospital in the U.S. that performs surgeries uses their supplies." **John Riggi**, national advisor for the **American Hospital Association** (AHA), stated that the AHA is aware of the reports and is actively exchanging information with hospitals and the federal government. As of now, there are no confirmed direct impacts or disruptions to U.S. hospitals, but the situation is being closely monitored. ## Hospitals Disconnecting from Stryker Systems According to a memo from the Maryland Institute for Emergency Medical Services Systems, some hospitals have opted to disconnect from Stryker's online services, including **LifeNet**, as a precaution. LifeNet enables paramedics to transmit EKGs to emergency physicians, expediting treatment for heart attack patients. ## Developing Story This is a developing story. Further updates will be provided as they become available. **Update, 2:54 p.m. ET:** Added comment from Riggi and perspectives on this attack’s potential to turn into a supply-chain problem for the healthcare system. **Update, Mar. 12, 7:59 a.m. ET:** Added information about the outage affecting Stryker’s online services.