Cyberattack against Stryker highlights potential impacts of Iran war on healthcare industry

The cyberattack against medtech company Stryker isn’t quite like other major cybersecurity events we’ve seen in the healthcare industry in recent years. This attack is part of Iran’s response against the US to the war in the Middle East.

On March 11, an Iran-linked threat actor called Handala (suspected by Israeli cybersecurity experts to be tied to the Iranian Ministry of Intelligence and Security) disrupted Stryker’s internal Microsoft network, the company shared in a statement, prompting the company to initiate a cybersecurity “response plan” and an internal investigation, per a Securities and Exchange Commission filing.

But crucially, this could be also a sign of more to come within this war, cybersecurity experts have said.

“You can’t look at this cyberattack in a vacuum. It’s direct retaliation tied to the broader conflict with Iran,” Erik Pupo, director of commercial health IT advisory at tech consultancy Guidehouse, told us via email.

Stryker has maintained since the attack that its medical and surgical devices have not been impacted and there has been no sign of malware or ransomware that could impact USB flash drives for related products. Its 56,000 global employees were encouraged to keep company-issued devices turned off and disconnected from networks.

“Incidents like the recent attack on Stryker are a reminder that cyber conflict increasingly mirrors geopolitical tensions, where disruption is used as a signal of reach and capability, not just immediate impact,” Mike Smith, field chief technology officer at digital security company DigiCert, told Healthcare Brew via email.

Supply chain issues to come? Already, concerns over potential supply chain issues—particularly with generic drug prescriptions, nearly half of which are imported from India, CNBC reported—have been sprouting up due to the war’s closure of the Strait of Hormuz.

“We are staring down the barrel of severe, simultaneous shortages of both surgical components and basic medications and the possibility of cyberattacks against US infrastructure as the ability of Iran’s government to inflict physical harm on US and Israeli armed forces decreases,” Pupo said.

Combined with cybersecurity risks, Smith said, “the downstream effects can extend beyond IT systems to impact device availability and patient care.”

This creates a “worst-case scenario” for hospitals caught “suddenly fighting a two-front war for their critical supplies,” Pupo said.

“If a hospital is only preparing for standard ransomware, they are going to be caught entirely flat-footed by this new wave of geopolitical sabotage,” he added.

In a March 15 statement, Stryker said it was working with global manufacturers to manage potential supply chain issues after electronic ordering systems went offline as a result of the attack.

After the attack was reported, Stryker’s stock dropped from an opening high of $358.49 to a low of $328.23 by March 12, though it has since somewhat leveled out. The company reported $25.1 billion in revenue for 2025, and roughly 150 million patients across 61 countries use the company’s medical equipment.

As of publication, Stryker’s system is still largely down but the company is “in the restoration process, which is progressing steadily,” spokesperson Jenny Braga said in a statement.