- Today
- Holidays
- Birthdays
- Reminders
- Cities
- Atlanta
- Austin
- Baltimore
- Berwyn
- Beverly Hills
- Birmingham
- Boston
- Brooklyn
- Buffalo
- Charlotte
- Chicago
- Cincinnati
- Cleveland
- Columbus
- Dallas
- Denver
- Detroit
- Fort Worth
- Houston
- Indianapolis
- Knoxville
- Las Vegas
- Los Angeles
- Louisville
- Madison
- Memphis
- Miami
- Milwaukee
- Minneapolis
- Nashville
- New Orleans
- New York
- Omaha
- Orlando
- Philadelphia
- Phoenix
- Pittsburgh
- Portland
- Raleigh
- Richmond
- Rutherford
- Sacramento
- Salt Lake City
- San Antonio
- San Diego
- San Francisco
- San Jose
- Seattle
- Tampa
- Tucson
- Washington
Portage Today
By the People, for the People
Cyberattack on Michigan Medical Device Maker Highlights Threat from Iranian Hackers
Stryker Corp. disrupted by state-linked hackers, exposing vulnerabilities in critical US infrastructure
Apr. 2, 2026 at 5:00pm
Got story updates? Submit your updates here. ›
A cyberattack claimed by an Iran-linked hacking group called Handala has disrupted operations at Portage, Michigan-based medical device maker Stryker Corp. The attack, which targeted Stryker's internal Microsoft software systems, highlights how state-sponsored cyber operations can quickly translate regional conflicts into disruption for organizations far from the battlefield. Experts warn that critical US infrastructure, including suppliers and service providers, are vulnerable to such attacks as state-aligned hackers seek to gain access and leverage.
Why it matters
The Stryker case illustrates how quickly a regional conflict can impact organizations across the US, including those involved in critical infrastructure. It exposes the vulnerabilities of US companies and their suppliers to state-sponsored cyber threats, which are increasingly used as a tool of geopolitical conflict alongside traditional military actions.
The details
The Iran-linked Handala group claimed responsibility for the cyberattack on Stryker, saying it was in retaliation for events related to the conflict in Iran. The attack disrupted Stryker's order processing, manufacturing, and shipping operations by affecting the company's internal Microsoft software systems. Experts note that modern critical infrastructure relies on a complex web of suppliers and service providers, making the entire system vulnerable to such cyber threats. State-sponsored hackers often focus on gaining stealthy access and establishing persistence within target networks, rather than immediately causing visible disruption, in order to maintain leverage for future crises.
- The cyberattack on Stryker occurred on March 11, 2026.
The players
Handala
An Iran-linked hacking group that claimed responsibility for the cyberattack on Stryker Corp.
Stryker Corp.
A medical device maker based in Portage, Michigan, whose internal software systems were disrupted by the cyberattack.
What they’re saying
“Cyber access is like a set of keys. If you can get into a network quietly, stay there and learn how it works, you create options for later. You can steal information, map dependencies and position yourself to cause disruption. You can keep the option to strike in your pocket, so that in a crisis, you can cause or credibly threaten to cause harm.”
— William Akoto, Assistant Professor of Global Security, American University
What’s next
US officials and cybersecurity agencies are urging organizations to heighten their vigilance and implement recommended security measures to defend against state-sponsored cyber threats, especially during periods of elevated geopolitical tension.
The takeaway
The Stryker cyberattack highlights the growing threat of state-sponsored hackers targeting critical US infrastructure, even organizations far removed from the primary conflict zones. It underscores the need for a whole-of-society approach to cybersecurity, with stronger public-private partnerships and incident reporting requirements, to protect against the evolving tactics of nation-state cyber actors.
