A major cyberattack on a global medical technology company has intensified concerns among security experts that foreign adversaries are increasingly targeting American industry and critical infrastructure.
Tracey Birkenhauer, chief impact officer at Stack Cyber Security, said the recent breach involving Stryker Corporation, a Michigan-based healthcare equipment manufacturer, highlights a troubling shift in cyber warfare tactics away from profit-driven attacks and toward destructive operations designed to cause disruption.
Stryker, headquartered in Kalamazoo, Michigan, generates roughly $25 billion in annual revenue and employs about 56,000 people worldwide. The company produces a wide range of medical equipment, including surgical robotics systems, orthopedic implants, hospital beds, and technology used by emergency responders to transmit patient data to hospitals.
According to Birkenhauer, a hacking group with alleged ties to Iran was responsible for infiltrating Stryker’s systems and carrying out a large-scale attack that wiped data from more than 200,000 devices. The incident forced the company to shut down operations across offices in dozens of countries.
“They shut down offices in 79 countries overnight and walked away with more than 50 terabytes of stolen data,” Birkenhauer said. “And that number may ultimately prove to be even higher.”
Unlike many cyberattacks that rely on ransomware schemes in which criminals demand payment to restore access to systems, Birkenhauer said this operation appeared to have a different objective.
“They didn’t ask for money,” she said. “They wanted the information, and they wanted to cause damage.”
The attack was attributed to a pro-Iranian hacking group known as Handala, which has previously targeted Israeli and Middle Eastern companies. Cybersecurity analysts say the group has become increasingly active in recent years, often claiming responsibility for politically motivated attacks.
Birkenhauer said the incident underscores a growing threat from nation-state-backed hackers who seek to disrupt major corporations and infrastructure systems rather than profit financially.
“The shift from criminals looking for a payday to adversaries seeking destruction is extremely dangerous,” she said.
Investigators believe the hackers used a type of malicious software known as wiper malware, which permanently destroys data by erasing the hard drives where it is stored. Similar attacks have previously been linked to Iranian cyber operations targeting energy and industrial companies.
Birkenhauer noted that these tactics have been used in the past against major oil producers and other strategic targets.
“This isn’t new,” she said. “Iran-linked groups have used wiper malware for years, but now we’re seeing it aimed at American companies with global reach.”
The Stryker breach may also represent a broader campaign targeting critical sectors. Cybersecurity officials have warned that companies involved in healthcare, energy, defense manufacturing, and infrastructure are increasingly attractive targets for hostile governments.
Industry experts believe such organizations are appealing targets because they provide highly visible disruptions that can send shockwaves through the economy and public services.
“Industry is where adversaries can create the most impact,” Birkenhauer said. “These companies are public-facing, they often have vulnerabilities, and attackers can claim credit for causing major disruption.”
The breach has also raised questions about how well large organizations are prepared to defend against sophisticated cyber threats. Birkenhauer said that even multinational companies frequently lack the tools or monitoring systems necessary to detect intrusions before they cause damage.
“We see it every day,” she said. “Even very large companies often don’t have the right cybersecurity controls in place.”
According to Birkenhauer, proper monitoring systems can track network activity in real time and alert security teams when suspicious activity appears. In many cases, she said, attacks could be stopped early if organizations were using those systems effectively.
“If the right tools are configured properly, you can see threats coming and shut them down before anything happens,” she said.
The cybersecurity industry has increasingly emphasized stricter standards for companies working with the federal government, particularly those involved in defense contracts. One such initiative, known as the Cybersecurity Maturity Model Certification, was designed to require contractors to meet specific security benchmarks.
However, Birkenhauer said many companies have been slow to adopt those standards despite regulatory deadlines.
“Manufacturers and contractors are still resisting putting the necessary controls in place,” she said.
The growing sophistication of cyber threats has also placed pressure on government agencies responsible for sharing intelligence and coordinating responses to attacks. Birkenhauer said recent changes in funding and leadership within federal cybersecurity agencies have raised concerns among industry professionals about how effectively information is being communicated.
In some cases, she said, private sector organizations are now relying on industry networks and technology groups to exchange information about emerging threats.
“Private industry is having to keep its own finger on the pulse of what’s happening globally,” she said.
Cybersecurity specialists warn that the United States faces increasing pressure from adversaries such as Iran, Russia, and China, which have invested heavily in offensive cyber capabilities.
Birkenhauer said the Stryker attack may represent only the beginning of a broader wave of cyber operations targeting American companies and infrastructure.
“This is the beginning, not the end,” she said. “And it’s something everyone needs to pay attention to.”