On Wednesday, a $25 billion medical technology company woke up to find its infrastructure gone.
On Wednesday, a $25 billion medical technology company woke up to find its global IT infrastructure erased. Not encrypted. Not held for ransom. Gone.
Stryker, one of the largest medical device companies in the world, supplying surgical robots, orthopedic implants, and hospital equipment to more than 150 million patients annually, had its Microsoft environment systematically wiped across 79 countries. Over 200,000 devices hit. More than 5,000 employees sent home from its Ireland operations alone. Workers were told not to turn on company devices and to disconnect from all networks. The headquarters in Michigan was answering phones with a recorded message about a "building emergency."
This one has a lot of layers, and I think it deserves a real breakdown rather than another hot take. I'm going to unpack it across three posts over the coming days, covering what actually happened, why Stryker was targeted, what could have limited the blast radius, and what life sciences and medtech companies need to be thinking about right now. If you want a sneak peek at where I'm going with this, shoot me a DM.
The attack was carried out by a group called Handala, which presents itself publicly as a pro-Palestinian hacktivist collective. Multiple cybersecurity firms, including Palo Alto Networks, Check Point, and Sophos, have linked them to Iran's Ministry of Intelligence and Security. This wasn't a group of ideologically motivated amateurs. This was a state intelligence operation with a hacktivist mask on.
And here's the detail that should get the attention of every life sciences executive: Stryker's Lifenet system, used by paramedics to transmit EKG data to hospitals ahead of arriving heart attack patients, went dark across Maryland and other states. EMS agencies were instructing clinicians to fall back to radio communication. That's not an IT problem. That's a patient care problem. And it happened because a medtech company's corporate network got hit.
We've spent years talking about geopolitical risk in the context of tariffs, regulatory divergence, and supply chain fragility. What Stryker shows us is that geopolitical conflict now has a direct path into the operational continuity of healthcare companies, and by extension, into the hospitals and patients that depend on them.
The US and Israel began military operations against Iran on February 28th. Less than two weeks later, an Iranian intelligence operation wiped out the global infrastructure of a Fortune 500 medtech company. That's not a coincidence. That's a preview.
The question every life sciences leader should be sitting with right now: what's your exposure, and do you actually know?
More on what happened technically, and what it means operationally, in my next post.