As military tensions in the Middle East peaked after U.S. and Israeli airstrikes on Iran, the global medical device manufacturer Stryker's network suffered what is believed to be a massive cyberattack by an Iranian hacking group and was brought to a complete standstill.
As retaliatory hacking aimed directly at private corporations, rather than only at the military facilities and government agencies involved in the physical conflict, became a reality, tension spread across U.S. industry. While urgently inspecting their internal security systems, corporations now also carry the burden of securing business continuity in the event of an unexpected breach.
According to security industry sources and U.S. media reports on the 11th (local time), the network of Stryker's internal Microsoft (MS) environment went down all at once starting around midnight. Stryker may be somewhat unfamiliar to the Korean public, but it is a multinational medical device giant operating in 61 countries worldwide with annual revenue of $25 billion (about 37 trillion won). It mainly supplies hospitals with high value-added essential medical equipment such as artificial joints, robotic surgery systems, and emergency room beds. It was listed on the New York Stock Exchange in 1979 and now has a market capitalization of $132 billion (about 196 trillion won).
Immediately after the hacking attack, the data stored on 200,000 information and communication devices, such as in-house desktops and mobile phones, was completely erased. There are strong indications that 50 terabytes (TB) of key data was also leaked externally. As the situation spiraled out of control, Stryker issued an emergency directive to more than 56,000 employees worldwide, including its Ireland office, to power down their devices and block all access to the internal network. Some employees also lost data on personal smartphones that were connected to the internal network.
The group "Handara," a hacker organization closely linked to an Iranian government intelligence agency, is the leading suspect. On its Telegram channel, the group said it destroyed Stryker's network in "retaliation for the crime in which the United States and Israel bombed an elementary school in the Minab region of Iran, killing more than 150 innocent students."
Handara labeled the corporation part of the Zionist camp, taking issue with Stryker's 2019 acquisition of the Israeli corporation OrthoSpace. The Zionist camp refers to groups that participate in or support the movement to build a Jewish nation-state in the Palestinian region, and the expression is used in the Islamic world as a hostile reference to Israel. Stryker also has a $450 million (about 670 billion won) medical equipment supply contract with the Ministry of National Defense. The group threatened to release to the world the 50 terabytes of stolen personal medical data and corporate secrets to expose corruption and injustice.
Experts said that because Stryker occupies such a large share of the global medical supply chain, the fallout from the system paralysis could trigger a chain reaction of damage beyond a simple loss to an individual corporation. According to Bloomberg, many U.S. hospitals use the corporation's surgical equipment, making it hard to rule out the possibility that, if the situation drags on, scheduled surgeries will be delayed or canceled, causing an unprecedented gap in medical services.
There are also concerns that the massive volume of data siphoned off by the hack could directly threaten public safety. Given the nature of a medical device manufacturer, there is a high chance that patient personal information or sensitive in-hospital medical records were included in the leaked data. If such information leaks externally, it could be exploited for serious secondary crimes such as voice phishing or identity theft.
It is also highly likely that the hacking group will use the stolen data as a weapon to push political and economic demands on corporations and the government, or hold it hostage to stir anxiety and confusion across society. Some voiced concern about a worst-case scenario in which hackers remotely disrupt the operating environment of core life-support equipment or surgical systems in hospitals, directly endangering patients' lives. The White House also recognizes the gravity of the situation and, under President Donald Trump's direction, is working with intelligence agencies such as the Federal Bureau of Investigation (FBI) to monitor potential cyber threats and seek strong response measures.
Security experts are closely watching how military conflict is evolving into all-out cyberterror targeting private corporations. Cyberattacks are an efficient asymmetric strategy that can inflict fatal damage on adversaries while greatly reducing the burden of a full-scale war. In particular, medical systems and hospital networks, like this attack's target Stryker, are essential infrastructure for society's survival, yet compared with finance or defense they are relatively lax in security investment and defensive systems, making them attractive targets for hackers.
Such cyberterror can also serve a sophisticated political purpose of shaking society at its roots and fomenting psychological fear. Tim Haugh, Director General of the National Security Agency (NSA), told The Wall Street Journal (WSJ), "When actual conflict breaks out, private industry sectors that are in direct contact with the public serve as targets that are the most vulnerable in defense yet best for adversaries to showcase their reach," adding, "Corporations must prepare for the vast security threats they face."