Cyber Attacks From War: No One is Immune


When the Devices Go Dark: How Healthcare & Biotech Companies Can Prepare for a Cyberattack

Since the U.S.–Iran conflict escalated in late February, uncertainty, fear, and anxiety have been rising across industries. Many of the most visible targets of cyberattacks, such as banks, energy companies, and government agencies, have been actively reinforcing their defenses. But these are not the only sectors at risk. Healthcare organizations and medical device companies are increasingly in the crosshairs as geopolitical tensions spill into the digital domain. If your company is U.S.-based or predominantly serves the U.S. market, you could be a target.

On March 11, 2026, employees at Stryker, one of the world’s largest medical device companies, picked up their work-issued phones to find blank screens. No contacts. No messages. No network access. The Iran-linked hacker group Handala had remotely wiped over 200,000 devices across 79 countries, allegedly by gaining access to Stryker’s Microsoft Intune management console and using its own remote wipe feature against it. No novel malware required, just stolen admin credentials and a few clicks.

It’s being called the first significant destructive cyberattack on a Western company since the US-Israel-Iran conflict began. And it almost certainly won’t be the last.

Why Healthcare Is a Geopolitical Target

Most security teams are built to defend against financially motivated attackers like ransomware gangs who want a payout. Groups like Handala want something different. They want disruption. Wiper attacks leave no ransom note and offer no negotiation. There is only the silence of systems that no longer function.

Healthcare and biotech companies are especially exposed. Their products live inside patients and operating rooms. Their supply chains feed hospitals across dozens of countries. A successful attack doesn’t just create an IT crisis — it creates a patient care crisis. That’s precisely what makes them attractive targets.

Your Crisis Plan: 8 Steps to Take Now

1. Lock down privileged access.
Enforce phishing-resistant MFA, review who has access, and eliminate dormant accounts today.

2. Segment your network.
Medical devices, corporate endpoints, and manufacturing systems should be on isolated, firewalled segments. A wiper in one zone should not move freely to others.

3. Monitor geopolitical risk.
If your company could be perceived as affiliated with a party to an active conflict, that’s a threat signal. Assign someone to monitor geopolitical developments and trigger security reviews when the threat climate shifts.

4. Test your backups.
Run restoration drills quarterly and know exactly how long recovery takes.

5. Build an out-of-band communications plan.
If every company device is wiped, how do your people reach each other? Establish a backup communications plan before the crisis hits.

6. Define your crisis command structure.
Who leads when the CISO’s laptop is a brick? Document a clear hierarchy with named backups and personal phone numbers stored off-network.

7. Pre-draft stakeholder communications.
Patients, hospitals, regulators, and investors will expect a response within hours. Have templated statements ready for multiple scenarios. Know your FDA, HHS, and SEC notification deadlines before a breach forces you to look them up.

8. Document offline procedures.
Identify your ten most critical workflows and write a manual fallback for each. In healthcare, digital downtime can become a patient safety issue.
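
The access review in step 1 can be run as a script over an exported list of privileged accounts. The Python below is an added example, not part of the original article; the CSV columns, the sample rows, the set of methods treated as phishing-resistant, and the 90-day dormancy threshold are all assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample export of privileged accounts (hypothetical column names).
SAMPLE_CSV = """account,role,mfa_method,last_sign_in
alice.admin,device-management-admin,fido2,2026-03-09
bob.admin,device-management-admin,sms,2026-03-10
svc-legacy,global-admin,none,2025-06-01
carol.ops,helpdesk-admin,passkey,2025-11-20
dave.admin,global-admin,authenticator-push,
"""

# Assumption: methods bound to the origin or to hardware count as
# phishing-resistant; SMS codes, push approvals and "none" do not.
PHISHING_RESISTANT = {"fido2", "passkey", "smartcard", "certificate"}
DORMANT_AFTER_DAYS = 90  # assumption; set this from your own policy


def audit_privileged_accounts(csv_text, today, dormant_after_days=DORMANT_AFTER_DAYS):
    """Return {account: [issues]} for every admin account that needs action."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        if row["mfa_method"].strip().lower() not in PHISHING_RESISTANT:
            issues.append("weak-mfa")
        last = row["last_sign_in"].strip()
        if not last:
            # An admin account that has never been used is standing
            # privilege with no owner activity to justify it.
            issues.append("never-signed-in")
        elif (today - date.fromisoformat(last)).days > dormant_after_days:
            issues.append("dormant")
        if issues:
            findings[row["account"]] = issues
    return findings


def removal_candidates(findings):
    """Accounts to disable first: unused admin accounts, sorted by name."""
    unused = {"dormant", "never-signed-in"}
    return sorted(a for a, issues in findings.items() if unused & set(issues))


if __name__ == "__main__":
    report = audit_privileged_accounts(SAMPLE_CSV, today=date(2026, 3, 11))
    for account, issues in report.items():
        print(f"{account}: {', '.join(issues)}")
    print("disable first:", ", ".join(removal_candidates(report)))
```

Accounts flagged `weak-mfa` need re-enrollment with a phishing-resistant method; accounts in the removal list should be disabled unless an owner can justify them.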

The organizations that survive attacks like this aren’t always the ones with the biggest security budgets. They’re the ones with the clearest plans and the most practiced teams. Cyber preparedness in healthcare isn’t an IT issue—it’s a patient safety issue. Build your plan now, while the devices are still on.

Want to learn more about Yes& CommCore’s Crisis Plan Counsel and PressureTest Workshops?

Let’s connect: info@yesandcommcore.com