Is cyberattack on U.S. health care firm the next phase of the Iran war? – National

Major U.S. health care technology company Stryker became the victim of a cyberattack, with a group linked to Iran claiming responsibility.

Some experts say that this war of “proxies” may be the next stage of the Iran war, and warn that civilian and critical infrastructure could also come under threat.

The Michigan-based company, with 56,000 employees and operations in 61 countries, said in a filing with the Securities and Exchange Commission (SEC) that the attack caused disruptions and limitations of access to some systems, and that the timeline for a full restoration is not yet known.

“Stryker is responding to a global network disruption to our Microsoft environment as a result of a cyber attack. We have no indication of ransomware or malware and believe the incident is contained,” the company said in a statement Thursday.

2:23
Business Matters: Brent oil hits $100 after Iran says Strait of Hormuz must remain closed

While the attack seems to have been limited to the internal network of the company, medical service providers are part of a complex healthcare network, said Ali Dehghantanha, Canada Research Chair in cybersecurity and threat intelligence and a professor at the University of Guelph.

“An attack against them would have a ripple impact on hospitals and the healthcare,” he said.

This illustrates how “modern wars are not only fought with missiles and tanks,” Dehghantanha said.

“Modern wars are increasingly fought through code targeting the digital infrastructure that societies relies on,” he said.

Health care, with its impact on both the economy and public safety, could become a crucial target if Iranian-backed groups increasingly rely on this tactic, he said.

Staff and contractors at Stryker said in social media posts that the logo of an Iran-linked hacking group has appeared on the company’s login pages.

Get daily National news

Get daily Canada news delivered to your inbox so you’ll never miss the day’s top stories.

Handala, an Iranian-linked hacking persona that has claimed multiple attacks on targets in Israel and around the world, said in a message posted to its Telegram channel that it was responsible for the attack, which was in response to the strike on the Minab school in southern Iran “and ongoing cyber assaults.”

The girls’ school in Minab was hit on the first day of U.S.-Israeli attacks on Iran, killing an estimated 150 students, according to Iran’s ambassador to the U.N. in Geneva, Ali Bahreini. Reuters has not independently verified the figure.

The outages on Stryker’s network began shortly after midnight on Wednesday on the East Coast, the Wall Street Journal reported, citing people familiar with the matter.

The company’s staff found that remote devices running Microsoft’s Windows operating system, including cellphones, laptops and others configured to connect to Stryker’s technology systems, had been wiped.

“(The) Trump administration is always proactively monitoring potential cyber threats and driving a response with our world-class critical infrastructure, regulator agencies and law enforcement entities,” a White House official told Reuters.

1:47
Trump says there’s ‘practically nothing left to target’ in Iran, war will end ‘soon’

Modern cyberwarfare is increasingly carried out through proxies such as Handala, Dehghantanha said.

“That’s a common pattern that we have seen for years, followed by the Chinese, by the Russians, of course, the Iranians and North Koreans,” he said, adding that Iran has worked over the last decade to expand its cyber warfare capabilities.

While groups like Handala claim to officially have independent political aims, “you will see that historically, their activities are well-aligned with the Iranian government,” he added.

“This specific activity falls into what we call the grey zone of cyber conflicts. It may not be the formal act of war, but it is clearly part of geopolitical pressure being exerted through digital means,” he said.

2:42
Lebanon ‘trapped in a war that it did not choose’ as fighting intensifies between Israel and Hezbollah

The Canadian Cyber Security Centre is also warning Canadian critical infrastructure operators to be “vigilant” for the risk of cyberattacks as the Iran war escalates.

The Centre shared a cyber threat bulletin earlier this month, stating that “Iran will very likely use its cyber program to respond to the joint U.S. and Israel combat operations against Iran.”

In the past, Iran has been accused of targeting critical civilian infrastructure.

“These are the things that I expect to see in the future more and more from Iranian-backed hacking teams going after hospitals, energy systems, and supply chains,” he said.

–with files from Reuters

&copy 2026 Global News, a division of Corus Entertainment Inc.