Device-maker St. Jude Medical sues over security allegations

Device-maker St. Jude Medical sues over security allegations
© Getty Images

St. Jude Medical, a medical device-maker, filed suit Tuesday against two companies that sold its stock short and released security research questioning the cybersecurity of the firm's products.

On August 25, Muddy Waters investments announced it had bet against St. Jude stock in a report that described two cybersecurity vulnerabilities in popular St. Jude pacemakers. 

St. Jude Medical has said that research was fraudulent.

ADVERTISEMENT

Muddy Waters’ based its report on research done by the firm MedSec. The report's release was controversial. MedSec and Muddy Waters made no efforts to allow St. Jude to patch the vulnerabilities, both maximizing the profits from the short sale and maximizing the potential for bad actors to hack implanted devices before they could be repaired. 

A lab at the University of Michigan that tried to reproduce one of the hacks in the report said that the purported evidence of a successful attack looked suspiciously like the readout from a device that was not properly attached to a heart

That followed St. Jude’s immediate pushback against the other hack in the Muddy Waters report – a claim that a battery-draining attack would require a victim to stay still for hours if not days. 

"Our top priority is to reassure patients, caregivers and physicians who use our life-saving devices that we are committed to the security of our products and to ensure patients and their doctors maintain ongoing access to the proven clinical benefits of remote monitoring," said Mark Carlson, vice president and chief medical officer at St. Jude Medical in a written statement.

The suit accuses that Muddy Waters and MedSec of making false statements, false advertising, conspiracy and manipulation of the stock markets.

Before the MedSec report, Abbott Labs announced it would purchase St. Jude for $25 billion. It has said it is standing by the purchase.