Ireland Cyberattacks: Iran Conflict Raises Risk – NCSC Warning

March 20, 2026 Emma Walker – News Editor News

CORK, Ireland – A global cyberattack targeting medical technology firm Stryker, and claimed by the Iran-linked hacking group Handala, has prompted Ireland’s cybersecurity chief to warn of a potential increase in Iran-affiliated cyber activity. The attack, which began March 11th, disrupted Stryker’s operations, including its Cork-based facility, and underscores the growing intersection of geopolitical conflict and digital warfare.

Richard Browne, Director of the National Cyber Security Centre (NCSC), stated that while the cyber risk level for Ireland has increased due to the ongoing conflict in the Middle East, the increase has not been dramatic. “We’re heavily dependent on a systematic, global network of services and infrastructure,” Browne said, adding that the Stryker incident demonstrated how an attack originating in the United States could have direct consequences for Irish operations. RTÉ reports Browne believes similar impacts are “entirely possible in a whole range of other areas.”

The attack on Stryker involved the wiping of tens of thousands of employee devices, according to TechCrunch. Handala claimed responsibility for the breach, stating it was retaliation for a U.S. Airstrike on a school in Minab, Iran, which reportedly killed at least 175 people. The group allegedly gained access to Stryker’s internal Microsoft environment through a compromised administrator account, allowing them to remotely wipe devices via the company’s Microsoft Intune dashboards.

While Stryker has stated its internet-connected medical products remain safe to use and that no ransomware or malware was detected, the company continues to experience disruptions to order processing, manufacturing, and shipping. The incident is considered the first major cyberattack originating from Iran in response to the escalating conflict, according to Healthcare Brew. Israeli cybersecurity experts suspect Handala is tied to the Iranian Ministry of Intelligence, and Security.

The increased cyber threat is not solely attributable to Iranian actors. Even before the outbreak of open conflict, reports indicated that U.S. Cyber teams had been disrupting Iranian communications networks. The Reuters reports that intelligence sources indicate Israel has engaged in cyber operations, including hacking CCTV and traffic cameras, to monitor Iranian leaders.

Raluca Saceanu, CEO of cybersecurity company Smarttech247, reported a significant increase in cybercriminal activity coinciding with the escalation of the Iran conflict. “We have seen a lot of new activity, a lot of phishing, a lot of credentials theft, exploitation of exposed systems and online propaganda,” Saceanu said, noting the pattern aligns with previous periods of geopolitical tension involving Iran-aligned actors.

Browne cautioned that while a direct attack on critical Irish infrastructure or government systems is not considered “particularly likely,” the possibility of hacktivism and denial-of-service attacks remains. He likewise indicated that Iran-linked hackers are likely to continue targeting U.S. Companies, which could have ripple effects for Irish entities dependent on those firms. The NCSC has not yet issued specific guidance for Irish businesses beyond standard cybersecurity best practices, but continues to monitor the situation.