The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned companies to secure systems for managing their fleets of employee devices after pro-Iran hackers broke into medical tech giant Stryker and mass-wiped thousands of its phones, tablets, and computers.

The agency said on Thursday that it was urging companies to take action and confirmed it was aware that hackers used their access to Stryker’s Windows-based network to misuse its device endpoint systems, causing ongoing outages to the company’s global operations.

Among the advice, CISA said network administrators should ensure that certain user accounts that have access to systems like Microsoft Intune, which Stryker uses to remotely manage its employees’ devices, can only make sensitive or high-impact changes (such as wiping devices) with a second administrator’s approval.

Stryker, which develops medical devices and equipment for hospitals, confirmed on March 11 that it had been hacked, saying it was experiencing “global disruption” to its network.

The company said the hackers did not deploy malware or ransomware, but reports say that the hackers abused their access to Stryker’s internal systems to access its Intune dashboards to remotely delete the data stored on tens of thousands of employee devices, including personal phones and computers connected to Stryker’s network.

Stryker has since said it contained the cyberattack and is restoring its systems. While the company’s medical devices remain operational, Stryker said its supply, ordering, and shipping systems remain offline.

Stryker has not given a timeline for its recovery. The company did not respond to TechCrunch’s request for comment.

A group of pro-Iran hacktivists, known as Handala, took credit for the cyberattack on Stryker last week, saying it hacked the company in retaliation for the U.S. killing of dozens of children in an air strike on a school in Iran. The hackers claimed to have stolen reams of data from the company’s network, but did not immediately provide evidence for that claim.

The FBI seized the Handala group’s website on Wednesday, TechCrunch reported.

Topics

CISA, cyberattack, cybersecurity, data breach, Government & Policy, Security, Stryker, Windows

Zack Whittaker

Security Editor

Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter, this week in security.

He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, at zack.whittaker@techcrunch.com.

View Bio

June 9

Boston, MA

Actively scaling? Fundraising? Planning your next launch?

TechCrunch Founder Summit 2026 delivers tactical playbooks and direct access to 1,000+ founders and investors who are building, backing, and closing.

CISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devices