Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group.

The medtech giant manufactures a range of products, including surgical and neurotechnology equipment. With over 53,000 employees, Stryker is a Fortune 500 company that reported global sales of $22.6 billion in 2024.

Handala says they stole 50 terabytes of data before wiping tens of thousands of systems and servers across the company's network, forcing Stryker to shut down in "an unprecedented blow."

"In this operation, over 200,000 systems, servers, and mobile devices have been wiped and 50 terabytes of critical data have been extracted," the attackers said. "Stryker’s offices in 79 countries have been forced to shut down."

This aligns with reports from people claiming to be Stryker employees from the United States, Ireland, Costa Rica, and Australia, who said their managed Windows and mobile devices were remotely wiped in the middle of the night. The attackers have also defaced the company's Entra login page to display a Handala logo.

A Stryker employee told BleepingComputer the incident began early Wednesday morning, when devices enrolled in the company's mobile device management system were remotely wiped. The employee said colleagues who had personal phones enrolled for work access also lost data after their devices were reset.

Staff were instructed to remove corporate management and applications from their personal devices, including the Intune Company Portal, Teams, and VPN clients.

Numerous employees also report that the attack disrupted access to internal services and applications, forcing some locations to revert to "pen and paper" workflows after systems became unavailable.

As a result of the attack, Stryker is now working to restore their systems amid a global outage, as first reported by The Wall Street Journal.

"We are experiencing a severe, global disruption impacting all Stryker laptops and systems that connect to our network," Stryker told employees in Cork, Ireland, according to local media.

"At this time, the root cause has not yet been identified. We are actively engaged with Microsoft and treating this a critical, enterprise-wide incident," the company also told employees in Asia.

Handala (also known as Handala Hack Team, Hatef, Hamsa) first surfaced in December 2025 as a hacktivist operation linked to Iran's Ministry of Intelligence and Security (MOIS) that targets Israeli organizations with destructive malware designed to wipe Windows and Linux devices.

They are also known for stealing sensitive data from victims' compromised systems and publishing it on the group's data leak portals.

BleepingComputer reached out to a Stryker spokesperson with questions about the incident, but a response was not immediately available.