A cyber attack that disrupted operations at medical technology giant Stryker is being viewed by US officials and security experts as a major escalation in Iran’s cyber activity against the American homeland, underscoring the growing exposure of US businesses to geopolitical cyber risk.
According to a report from The Wall Street Journal, the Michigan-based medical equipment company suffered a “global disruption” after hackers targeted its internal Microsoft systems, forcing tens of thousands of employees offline and prompting temporary operational pauses for some healthcare customers.
Stryker said its connected products remained unaffected and “are safe to use,” while stressing that the incident had been contained. Still, the disruption affected important internal functions, including electronic ordering systems, and forced the company to prioritize restoring customer support, shipping, and ordering capabilities.
The event is reverberating well beyond the healthcare sector because it appears to demonstrate how geopolitical conflict can quickly spill into corporate networks. Private firms, not only government agencies or critical infrastructure operators, are increasingly vulnerable to becoming collateral damage or direct targets during international conflicts.
The WSJ report said US officials believe Iran likely carried out what could be “the most significant wartime cyber attack against the US in history,” bringing a conflict previously concentrated in the Gulf region directly into US business operations.
Cybersecurity experts quoted in the report said the incident reflects a deeper integration of digital attacks into modern conflict. Cynthia Kaiser, a former senior cyber official at the FBI who is now a senior vice president at Halcyon, told the Journal: “This is the first extended conflict in which we have played a major role that really integrated cyber and kinetic operations together on both sides.”
Stryker manufactures joint implants, robotic surgery systems, and other medical products used across hospital systems. In the immediate aftermath of the incident, some hospitals reportedly paused use of a system that allows emergency medical service workers to transmit patients’ vital sign data, although Stryker said the system itself was functioning normally and that pauses were independently chosen by customers.
The insurance consequences of this type of attack can be significant. A major cyber event can trigger business interruption losses, incident response costs, forensic investigations, crisis communications expenses, and potential third-party liabilities. It can also sharpen scrutiny around policy wordings involving war exclusions, cyber terrorism, and state-backed attacks.
Former Cybersecurity and Infrastructure Security Agency director Jen Easterly told the Journal that the threat environment remains elevated. “Iran, as far as we can tell, still has pretty formidable cyber capabilities,” she said.
The group claiming responsibility, Handala, presents itself as an independent hacktivist organization, but Western security experts and US officials cited by the Journal said it is tied to Iran’s Ministry of Intelligence and Security.
Research published by Israeli cybersecurity firm Check Point described Handala as being “at the forefront of Iran’s national cyberwarfare,” with an expanding focus on European and American targets.
Investigators reportedly believe the breach may have begun with compromised employee or contractor credentials, possibly obtained through phishing. The initial access may then have allowed the attackers to abuse Microsoft Intune, a widely used device management platform, to wipe data from company laptops and phones.
Stryker chief executive Kevin Lobo said: “This event underscores the broader threat landscape companies face today.”
