Major U.S. health care technology company Stryker became the victim of a cyberattack, with a bunch linked to Iran claiming responsibility.
Some experts say that this war of “proxies” could be the next stage of the Iran war, and warn that civilian and important infrastructure could also come under threat.
The Michigan-based company, with 56,000 employees and operations in 61 countries, said in a filing with the Securities and Exchange Commission (SEC) that the attack caused disruptions and limitations of access to some systems, and that the timeline for a full restoration just isn’t yet known.
“Stryker is responding to a worldwide network disruption to our Microsoft environment consequently of a cyber attack. We now have no indication of ransomware or malware and imagine the incident is contained,” the corporate said in a press release Thursday.
While the attack seems to have been limited to the interior network of the corporate, medical service providers are a part of a fancy healthcare network, said Ali Dehghantanha, Canada Research Chair in cybersecurity and threat intelligence and a professor on the University of Guelph.
“An attack against them would have a ripple impact on hospitals and the healthcare,” he said.
This illustrates how “modern wars should not only fought with missiles and tanks,” Dehghantanha said.
“Modern wars are increasingly fought through code targeting the digital infrastructure that societies relies on,” he said.
What happened within the Stryker cyberattack?
Health care, with its impact on each the economy and public safety, could turn into an important goal if Iranian-backed groups increasingly depend on this tactic, he said.
Staff and contractors at Stryker said in social media posts that the emblem of an Iran-linked hacking group has appeared on the corporate’s login pages.
Get day by day National news
Get day by day Canada news delivered to your inbox so you may never miss the day’s top stories.
Handala, an Iranian-linked hacking persona that has claimed multiple attacks on targets in Israel and all over the world, said in a message posted to its Telegram channel that it was answerable for the attack, which was in response to the strike on the Minab school in southern Iran “and ongoing cyber assaults.”
The women’ school in Minab was hit on the primary day of U.S.-Israeli attacks on Iran, killing an estimated 150 students, in line with Iran’s ambassador to the U.N. in Geneva, Ali Bahreini. Reuters has not independently verified the figure.
The outages on Stryker’s network began shortly after midnight on Wednesday on the East Coast, the Wall Street Journal reported, citing people accustomed to the matter.
The corporate’s staff found that distant devices running Microsoft’s Windows operating system, including cellphones, laptops and others configured to connect with Stryker’s technology systems, had been wiped.
“(The) Trump administration is at all times proactively monitoring potential cyber threats and driving a response with our world-class critical infrastructure, regulator agencies and law enforcement entities,” a White House official told Reuters.
Stryker attack is a component of a ‘pattern’
Modern cyberwarfare is increasingly carried out through proxies akin to Handala, Dehghantanha said.
“That’s a typical pattern that now we have seen for years, followed by the Chinese, by the Russians, in fact, the Iranians and North Koreans,” he said, adding that Iran has worked over the past decade to expand its cyber warfare capabilities.
While groups like Handala claim to officially have independent political goals, “you will note that historically, their activities are well-aligned with the Iranian government,” he added.
“This specific activity falls into what we call the grey zone of cyber conflicts. It will not be the formal act of war, nevertheless it is clearly a part of geopolitical pressure being exerted through digital means,” he said.
The Canadian Cyber Security Centre can be warning Canadian critical infrastructure operators to be “vigilant” for the chance of cyberattacks because the Iran war escalates.
The Centre shared a cyber threat bulletin earlier this month, stating that “Iran will very likely use its cyber program to answer the joint U.S. and Israel combat operations against Iran.”
Up to now, Iran has been accused of targeting critical civilian infrastructure.
“These are the things that I expect to see in the longer term increasingly more from Iranian-backed hacking teams going after hospitals, energy systems, and provide chains,” he said.
–with files from Reuters
© 2026 Global News, a division of Corus Entertainment Inc.