Stryker plunges 4% on Iranian-linked cyberattack
Wiper malware attack disrupts 56,000 employees across global operations amid rising US-Iran tensions
Stryker Corporation shares tumbled 4.3% on Wednesday after the medical technology giant confirmed a significant cybersecurity breach attributed to a pro-Iranian hacking group, raising concerns about geopolitical risks facing healthcare companies.
The attack, which began shortly after midnight on the US East Coast, deployed destructive "wiper malware" that disabled corporate systems across Europe, Asia and the United States, according to reports. The stock fell $15.26 to $343.39, wiping approximately $6 billion from the company's $140 billion market capitalization.
The Handala hacker group, a pro-Palestinian collective with ties to Iranian cyber networks, claimed responsibility for the breach and said it had compromised more than 200,000 systems, servers and mobile devices, extracting 50 terabytes of critical data. Some affected devices reportedly displayed the Handala logo on login screens, according to cybersecurity investigators.
Approximately 56,000 Stryker employees worldwide were affected by the outage, including roughly 4,000 workers at the company's Cork facility in Ireland—its largest outside the United States. Employees reported being unable to access corporate laptops, internal platforms, email services and production software, with some devices permanently wiped or locked.
The attack is particularly concerning given Stryker's position as a leading manufacturer of medical devices, surgical equipment and hospital technology. The disruption has raised questions about potential impacts on global medical supply chains, though the company has not yet provided details on whether patient care or hospital operations have been affected.
Handala cited the attack as retaliation for a US military strike in Minab, Iran, according to security analysts. This represents a significant escalation in the use of cyber warfare tactics against civilian infrastructure amid rising US-Iran tensions.
Stryker is collaborating with Microsoft to address the incident, while Ireland's National Cyber Security Centre (NCSC) in Dublin is also involved in assessing the breach. The company issued internal alerts advising employees to disconnect from all networks and avoid turning on company-issued devices as investigations continue.
The breach marks a troubling development for the healthcare technology sector, which has increasingly become a target for state-sponsored cyberattacks. Unlike ransomware attacks that seek financial payment, wiper malware is designed purely to destroy data and disrupt operations—a tactic typically associated with nation-state actors rather than criminal enterprises.
Analysts at several major firms maintain their buy ratings on Stryker stock, with a consensus target price of $424.89, though some note that near-term volatility is likely as the company assesses the full extent of the damage and potential regulatory fallout. Stryker currently has 9 strong buy ratings, 13 buy ratings and 8 hold ratings from covering analysts, with no sell recommendations.
The company reported $25.1 billion in revenue over the trailing twelve months, with quarterly revenue growth of 11.4% year-over-year and earnings growth of 55.9%. However, investors are now weighing potential regulatory scrutiny, reputational damage and legal liability against the company's strong fundamentals.
"Healthcare companies have become increasingly attractive targets for geopolitical cyber operations," said one cybersecurity analyst familiar with the incident. "The combination of valuable intellectual property, critical infrastructure importance and often complex IT systems creates multiple vulnerabilities."
Stryker has not yet provided a timeline for full system recovery or disclosed whether patient data was compromised in the breach. The company's next significant public update could come during its scheduled earnings announcement, though investors will likely demand more immediate transparency given the scale of the disruption.
The incident underscores growing cybersecurity challenges facing large multinational corporations as geopolitical conflicts increasingly spill into the digital realm. For Stryker, which trades at a premium 43.5 times trailing earnings, the attack represents a test of whether investors will maintain their high valuation expectations amid heightened operational risks.