Medical Device Giant Hit by Iran-Linked Cyberattack as Lawsuits Mount Over Failed Security

PORTAGE, Mich. — A suspected Iran-linked cyberattack has struck Stryker Corporation, exposing sensitive employee data and sparking multiple lawsuits alleging the company failed to implement adequate cybersecurity measures. The Portage-based medical technology giant, a global leader in surgical and medical equipment, became the latest target of what experts are calling a sophisticated state-sponsored hacking campaign.

The Attack and Its Impact

According to recent federal court filings, Stryker was targeted by the Iranian hacker group Handala in a March 11 cyberattack that disrupted the company's systems worldwide. The attack forced office closures at Stryker facilities around the globe and kept some employees out of work for over a week, according to company statements and employee accounts.

One lawsuit alleges that the malicious actor claimed to wipe data from over 200,000 servers, mobile devices, and other systems across Stryker's operations, extracting approximately 50 terabytes of critical data. The company has since confirmed that the breach is now contained and is working around the clock to restore manufacturing capabilities.

Lawsuits Filed Over Data Exposure

Four separate lawsuits have been filed in federal court against Stryker in the days following the hack. The plaintiffs, including current employee Dax Dodge along with three other workers, argue that the company's security practices put employees at serious risk.

The Dodge lawsuit states that before the data breach, the personal information of current and former employees was private. Now, according to the complaint, that information is "forever exposed and unsecure." The lawsuit asks for attorney fees, payment for damages, and a jury trial.

The legal actions raise questions about the scope of the attack, the adequacy of Stryker's cybersecurity measures, and how long the threat may have gone undetected. While Stryker has stated the hack is contained, plaintiffs argue the safeguards in place were insufficient.

Experts Sound the Alarm

Rich Miller, CEO of Stack Cybersecurity in Livonia, says the breach appears severe and the risks to employee information are significant.

"It is very serious. In fact, there was just a class action lawsuit filed against Stryker," Miller stated. "There were four leak sites seized by the FBI today, and you don't have leak sites if you didn't gain any information."

Miller explained that personal and health information, including Social Security numbers and other identifiable information, could easily be exploited. When you have a pool of thousands of names to target, one individual could face identity theft, medical fraud, or other financial harm.

The lawsuits propose the case as a class action, alleging at least 100 people were affected. The court has not yet approved any of the filings as class actions.

What We Know So Far

The cyberattack occurred on March 11, 2026, and the FBI took down websites associated with the suspected hacker group Handala over the weekend. The company confirmed that a threat actor was able to infiltrate its systems and hid their activity behind a malicious file, prompting an internal investigation and system restoration.

On Monday, March 23, Stryker announced that the hack was contained. The company stated, "We are working closely with our global manufacturing sites as operations continue to stabilize. Manufacturing capability is ramping quickly as critical lines and plants are brought back online, prioritizing patient needs."

This is the first priority of the entire organization, according to Stryker's latest statement.

The Broader Cybersecurity Context

This incident highlights the growing threat of state-sponsored cyberattacks targeting American businesses. The State Department recently opened a Bureau of Emerging Threats to address these challenges, but experts warn that more aggressive action is needed.

The exposure of one's Personally Identifiable Information to cybercriminals is a bell that cannot be unrung, according to one of the lawsuits. Social Security numbers alone can be purchased on the dark web for as little as $5 to $10 each, making them highly valuable to criminal networks.

What Happens Next

The court has not yet approved any of the filings as class actions, and the case will proceed through the legal system. Stryker has declined to comment on the legal matters, citing company policy.

The lawsuits will likely explore whether Stryker failed to implement industry-standard cybersecurity measures that would have prevented the breach. If successful, these legal actions could set important precedents for cybersecurity liability in the corporate world.

For now, Stryker continues its 24/7 effort to restore operations while prioritizing patient needs across its medical device manufacturing facilities. The company's ability to quickly bring critical lines back online demonstrates the resilience of its operations, even in the face of sophisticated cyber threats.