By Sean Orr, M.D. | March 13, 2026
If you operate on patients, monitor them in transport, or depend on connected medical technology in any capacity – and in 2026, that’s nearly all of us – you need to understand what happened to Stryker this week. Because it isn’t just a corporate IT story. It’s a patient safety story. And it’s one we should have seen coming.
The Attack
On March 11, an Iran-aligned hacking group called Handala claimed responsibility for a massive cyberattack against Stryker Corporation, one of the world’s largest medical technology companies. The group says it wiped data from more than 200,000 systems, servers, and mobile devices across 79 countries and exfiltrated 50 terabytes of company data. Stryker confirmed a “global network disruption to our Microsoft environment as a result of a cyberattack.”
The attack vector was chillingly efficient. According to security researcher Kevin Beaumont, the hackers gained access to Stryker’s Active Directory services and weaponized Microsoft’s own endpoint management tool, Intune, to remotely wipe devices at scale. They turned Stryker’s management infrastructure against itself.
Handala – which Palo Alto Networks links to Iran’s Ministry of Intelligence and Security (MOIS) through an actor designated Void Manticore – said the attack was retaliation for the February 28 missile strike on the Shajareh Tayyebeh girls’ elementary school in Minab, Iran, in which upwards of 150 children were killed. Geopolitics has entered your operating room.
Why This Matters for Florida Physicians
Your EKG transmissions may have gone dark. Maryland’s Institute for Emergency Medical Services reported that Stryker’s Lifenet electrocardiogram transmission system was “non-functional in most parts of the state.” Lifenet is the system paramedics use to transmit 12-lead EKGs to receiving hospitals during cardiac emergencies. When that system goes down, critical prehospital data doesn’t reach the cardiologist waiting in the cath lab. Stryker later claimed Lifenet was functioning normally – but Maryland EMS had already instructed clinicians to fall back to radio consultation. If you practice emergency or interventional cardiology in Florida, confirm with your local EMS agencies whether Lifenet services in your region were affected.
Your supply chain is disrupted. Stryker’s order processing, manufacturing, and shipping operations have been impacted, with no announced timeline for full restoration. Stryker makes surgical instruments, implants, endoscopy systems, hospital beds, and neurovascular devices used in hospitals across Florida. If your OR depends on Stryker products for scheduled procedures, talk to your supply chain team today.
Your connected devices may be at risk. The American Hospital Association is actively exchanging information with hospitals and the federal government to assess impact on hospital operations. CISA is investigating. HHS is evaluating potential effects on patient care. The question for every hospital CIO right now: should Stryker equipment connected to hospital networks be isolated until the scope of the breach is fully understood?
This is the first salvo, not the last. Security experts have warned since the onset of US-Israel military operations in Iran that retaliatory cyberattacks were coming. Flashpoint has identified Amazon, Google, Microsoft, Oracle, Palantir, and Nvidia as companies the IRGC has threatened. Healthcare – which runs on vulnerable, interconnected systems and holds the most sensitive personal data imaginable – sits squarely in the crosshairs.
What Florida Physicians Should Do Now
- Contact your hospital’s IT security team today. Ask specifically: Does our facility use any Stryker systems connected to our network? Have we received guidance from Stryker on isolating or patching affected systems? Don’t accept “we’re monitoring the situation” as an answer.
- Verify your EMS data links. If you receive prehospital EKGs or other Lifenet-transmitted data, confirm with your county EMS medical director that transmissions are functioning. If there’s any disruption, ensure your department has an analog fallback protocol in place.
- Audit your Stryker supply chain exposure. Talk to your OR manager, supply chain director, or practice administrator about upcoming procedures that depend on Stryker instruments or implants. Identify alternatives now, before you’re scrambling the morning of a scheduled case.
- Push for cybersecurity at the medical staff level. Most hospital cybersecurity planning happens in IT departments and C-suites, far from the physicians who bear the clinical consequences when systems fail. Request a cybersecurity briefing at your next medical staff meeting. Patient safety is physician business.
- Engage with organized medicine. The Florida Medical Association and specialty societies need physician voices demanding that healthcare cybersecurity be treated as a patient safety priority – not just an IT budget line. When a nation-state actor can shut down EKG transmissions during a STEMI, that’s not a technology problem. That’s a medical crisis.
The Bigger Picture
We’ve spent a decade connecting everything – devices, records, imaging, pharmacy, supply chain – to networks that were never designed to be battlefields. The Stryker attack is a stark demonstration of what happens when geopolitics meets medical infrastructure. A group of hackers, operating thousands of miles away in retaliation for a military strike, can degrade the ability of paramedics in American cities to transmit a cardiac patient’s EKG to the hospital.
This is the new reality of practicing medicine. Cybersecurity is patient safety. And physicians – not just IT departments, not just administrators – need to lead the conversation about what we’re willing to risk and what we demand be protected. Because the next attack won’t wait for us to catch up.
Frequently Asked Questions
How does the Stryker cyberattack affect Florida hospitals and physicians?
Florida hospitals that use Stryker’s surgical instruments, implants, endoscopy systems, hospital beds, or neurovascular devices may face supply chain disruptions. Facilities using Stryker’s Lifenet EKG transmission system should verify functionality with local EMS agencies. Physicians should confirm with their hospital IT departments whether any Stryker-connected devices need to be isolated from hospital networks.
Was patient data compromised in the Stryker cyberattack?
The hackers claim to have exfiltrated 50 terabytes of Stryker data and intend to release it publicly. As of March 13, 2026, it is not yet clear whether protected health information was included in the stolen data. CISA and HHS are actively investigating, and hospitals should monitor for breach notification updates from Stryker.
Who is Handala, the group behind the Stryker hack?
Handala is a pro-Iran hacktivist group that Palo Alto Networks links to Iran’s Ministry of Intelligence and Security (MOIS). The group has been active since late 2023 and is assessed to be an online persona maintained by Void Manticore, a MOIS-affiliated threat actor. They claimed the Stryker attack was retaliation for the February 28, 2026 bombing of a school in Minab, Iran.
What should Florida physicians do to protect their practice from cyberattacks?
Physicians should request a cybersecurity briefing from their hospital IT team, verify that EMS data transmission systems are functioning, audit supply chain dependencies on affected vendors, and advocate for cybersecurity to be treated as a patient safety issue at medical staff meetings. Consider engaging with the Florida Medical Association on cybersecurity advocacy.
Are more healthcare cyberattacks expected from Iran-linked groups?
Security experts warn that the Stryker attack is likely the first of several retaliatory cyberattacks against US companies. Flashpoint has identified multiple major technology companies that Iran’s IRGC has threatened. Healthcare organizations should heighten their cybersecurity posture and review incident response plans immediately.