Stryker hack impact deepens as Cork facilities struggle to restore systems
Stryker was hit by a 'wiper' attack, in which the data on the targeted IT system is 'wiped out' and cannot be retrieved. Picture: Larry Cummins
Many staff at Stryker remain unable to work more than one week after the Iranian-linked cyberattack on the US medical device company.
An employee working in one of the company’s six Cork facilities said that production is still down there.
“There’s nothing happening at the moment. The impact of this is massive," they told the
In addition to lost production and productivity, employees are also concerned about the hack's potential impact on Stryker's hard-won reputation.
The global medical device company has more than 4,000 employees in Cork and another 1,400 across the island.
The Fortune 500 company employs some 56,000 people globally, and it reported more than €20bn in revenue in 2025.
Many staff are collecting their reinstalled laptops this week, but some still lack the software necessary to return to work.
“People are testing on site and getting things back up,” one employee said.
"Everything on my laptop was deleted, with Microsoft software reinstalled. They wiped everything on purpose in case anything malicious was hiding there.
"There's a real level of care, and everyone’s doing what they need to do to get the company back on its feet."
One small positive from the hack is that it's given staff the time to talk and forge better relationships, one employee said.
“We’re having chats with people we didn’t know before, getting to know each other better, that’s been really nice," they said.
Stryker was hit by a "wiper" attack, in which the data on the targeted IT system is “wiped out” and cannot be retrieved.
Iranian hacker network Handala claimed responsibility. It said that the attack was in response to the bombing of a school in Iran, which killed more than 175 civilians — many of them children — after the US and Israel invaded the country.
Ronan Murphy, the CEO of Smarttech247, said that recovery following a wiper attack “can be incredibly painstaking".
"They literally destroy everything," he said.
Recovery now depends on what type of backup systems the company had, Mr Murphy said.
He has seen a “very significant” increase in cyberactivity in the last four weeks.
“A lot of cybercrime typically flourishes in times of geopolitical crisis, in times of high tension," he said.
“People are worried, people tend to click on links, and go down rabbit holes following news. That tends to lead to problems.
“Everybody’s on heightened alert from a cybersecurity perspective at the moment."
Increased cyberactivity includes the scanning of IT systems to search for any weaknesses to exploit.
It also includes a proliferation of infected "fake news" websites. These use salacious headlines to draw people to click on links which lead them to the infected sites.
Artificial intelligence (AI) can create websites so quickly now that it's an easy tool for hackers, he said.
“Social media is such a toxic place, and the algorithms work in a way that they give you what you want to hear.
“So, if you go down the rabbit hole of conspiracy theories, or you're left-leaning or right-leaning, that's the content that will be served up to you.
“Instead of looking at non-biased, independent journalists who are professionals and give you a clear view of what's happening, people — much of the new generation — go down the rabbit hole of following the emotive stuff that draws reactions and feelings.
"AI tools can make sites so quickly now to look legitimate, but they are infected with malicious software."
Hackers are relentless, and can "come at you in a thousand different ways now," Mr Murphy added.
A spokesperson from Stryker said that it believes the incident has now been contained and the company is in the restoration process.
"On March 11, 2026, we experienced a cybersecurity attack which resulted in a global disruption," the spokesperson said.
"Upon detection, we quickly activated our incident response plan and launched an investigation with the support of external advisors and cybersecurity experts.
“Importantly, the incident did not affect any of our products — connected or otherwise. All Stryker products across our global portfolio, including connected, digital, and life-saving technologies, remain safe to use.
“We are now in the restoration process, which is progressing steadily. We are actively bringing our systems back online, and are prioritising systems that directly support customers [in] ordering and shipping.
“We are co-ordinating with appropriate authorities and external cybersecurity experts as part of our response."
A collection of the latest business articles and business analysis from Cork.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
