Michigan-based medical device maker Stryker reported a global cyber incident Wednesday that Irish outlets said disrupted operations in the United States and overseas, leaving employees unable to access systems as the company worked to restore network-connected devices.
Stryker is headquartered in Portage, Michigan, near Kalamazoo, and lists additional U.S. facilities in Texas, California, New Jersey, Arizona, Virginia and Colorado.
Two Irish outlets, CorkBeo and the Irish Mirror, reported March 11, 2026, that Stryker employees in multiple countries, including the United States, experienced widespread account and device access outages after what staff were told was an enterprise-wide disruption.
The Irish Mirror reported that an internal message to employees described a “severe, global disruption impacting all Stryker laptops and systems that connect to our network.” In another update described by the outlet, Stryker told employees the “root cause has not yet been identified” and said it was working with Microsoft while treating the issue as a critical incident.
Posts on Reddit’s r/cybersecurity described Stryker-managed devices being wiped early Wednesday, including one user who said multiple managed devices were erased around 3:30 a.m. Eastern and that the company’s Entra login page showed “Handala” imagery. Other commenters who said they work for Stryker in Michigan reported being sent home because systems were down, though DysruptionHub could not independently verify the accounts.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
The Irish reports echoed claims circulating on Reddit that internal Stryker pages were defaced with “Handala” branding. Irish outlets characterized Handala as an Iran-linked, pro-Palestinian hacktivist label that has claimed politically driven intrusions and defacements. Cybersecurity researchers caution that branding can be used to amplify impact and is not, by itself, proof of who carried out an intrusion or how it was executed.
Analysts who track Iran-linked cyber activity have documented a mix of operations, from espionage-focused intrusions tied to Iranian state interests to disruptive hacktivist campaigns that prioritize publicity. Researchers have also noted that hacktivist fronts can sometimes align with state priorities or offer plausible deniability, but attribution typically requires forensic evidence, infrastructure links or official confirmation. In the Stryker incident, the reporting describes suspected hacktivist branding and widespread disruption, but there is not yet public evidence establishing whether the activity was state-sponsored, a proxy operation or independent hacktivism.
CorkBeo reported that internal login and administrative pages for workers were defaced with Handala-related branding and that some employees reported their device data had been wiped. The Irish Mirror similarly reported that work devices, including personal phones with a Stryker work profile, were wiped and that many employees could not work while systems were down. Stryker had not publicly confirmed the defacement reports, device wiping claims or any attribution in the reporting.
Both outlets described disruption spanning Ireland and the United States, but did not detail whether customer-facing services, manufacturing operations, shipping, or hospital support functions were interrupted.
The incident follows a pattern seen in recent manufacturing-sector cases where corporate IT disruptions can quickly create factory-floor risk. In DysruptionHub’s prior coverage, forklift maker Crown Equipment shut down IT systems after a ransomware attack that disrupted operations, while medical device maker Masimo reported an attack that halted production and delayed orders. Steel producer Nucor also said it halted operations at multiple facilities after detecting unauthorized access to its IT systems. Stryker has not said whether manufacturing, shipping or customer support were affected.
CorkBeo reported that Stryker’s Cork operations, its largest hub outside the United States, employ thousands of workers.
Stryker has not publicly identified the cause of the incident, addressed the reported “Handala” branding, or detailed which business functions were affected, including any impacts to manufacturing, shipping or customer support.
