Six days after medical technology company Stryker first disclosed details of a rapidly escalating cyber attack, the hacking group behind the incident has claimed to have wiped an alarming 12 petabytes of company data belonging to the company.
“Today, for the first time, we proudly release the documentation of a unique cyber operation, an operation that will etch the name Handala Hack into the minds of all players in the global cyber security arena,” the group said on its website.
“In a swift and calculated attack, we succeeded in penetrating the deepest layers of the network belonging to the medical technology giant, Stryker. No system was safe from our sharp and capable eyes. During this operation, over 200,000 critical systems of this company were targeted and 12 petabytes of data (equivalent to 12,000 terabytes) were permanently wiped. Such a scale of data destruction is unprecedented to this day.”
Handala boasted that it was able to cripple “vital infrastructure” at will and that it would continue to target “all those who walk the path of oppression and aggression”.
Stryker: Restoration continues
The hackers’ claims come as Stryker continues to recover from the attack, which disrupted its global ordering system and raised concerns that its products may be at risk. However, the company maintains that despite some of its systems being taken offline, its products remain secure.
“All Stryker products across our global portfolio, including connected, digital, and life-saving technologies, remain safe to use. This event was contained to Stryker’s internal Microsoft environment, and as a result it did not affect any of our products – connected or otherwise,” the company said in a 16 March incident update.
“Stryker, much like any Fortune 300 company, has embedded policies and procedures for cyber security assurances for our products in the field. This process at Stryker provides additional assurances that no potential vulnerabilities or risk of exploitation related to our connected products exist. Per our standard protocols, we have leveraged this process to confirm that our connected products were not impacted by the incident and remain safe to use.”
Stryker said only its internal Microsoft corporate environment was impacted by the incident and that it was perfectly safe to have sales representatives on site and to contact the company by phone or email.
According to the company, the incident is now contained, and systems are being restored.
“We are working closely with our global manufacturing sites to manage operations and mitigate potential impacts, supported by our robust resiliency and business continuity plans. We are actively bringing our electronic ordering systems back online,” Stryker said.
“We are prioritising restoration of systems that directly support customers, ordering and shipping. Our core transactional systems are already on a clear path to full recovery, and we will continue to provide updates as progress is made.”
Josh Lefkowitz, CEO of cyber security firm Flashpoint, said Handala’s attack represented a “troubling shift” in offensive cyber operations.
“Rather than targeting hospitals or frontline healthcare providers directly, adversaries may focus on critical suppliers and logistics providers where disruption can cascade across the entire healthcare ecosystem,” Lefkowitz told Cyber Daily.
“A single intrusion at a key node in the supply chain has the potential to create widespread operational impact far beyond the initial target.”
Cyber Daily has reached out to Stryker for comment on Handala’s claims.
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.