The short-selling investment firm has posted video that it says demonstrates a St. Jude Medical pacemaker being hacked.

Chris Newmarker

Muddy Waters on Monday fired back at St. Jude Medical's claims that the investment firm had released a false and misleading report claiming major cybersecurity vulnerabilities with St. Jude implantable cardio devices. 

"STJ's response contained very little substance, and actually included admissions to several key points. ... There were two components to STJ's response: substance (~20%) and fluff (~80%)," Muddy Waters said in a statement. And it also posted a video that it claims shows the hacking of a St. Jude medical pacemaker.

The result was another day of erratic stock trading for the Minnesota-based medical device company, which is in the process of being acquired by Abbott Labs for $25 billion. St. Jude Medical stock, though, still managed to end Monday slightly up.

Muddy Waters and MedSec have claimed appalling security problems related to a host of St. Jude cardio devices. They mentioned demonstrations of two types of attacks against St. Jude implantable cardiac devices: a "crash" attack leading to device malfunction or even pacing at a dangerous rate, and a battery drain attack. The weak spot in St. Jude's device ecosystem is its Merlin@home home monitoring systems, which Muddy Waters and MedSec described as "keys to the castle."

Chris Newmarker is senior editor of Qmed. Follow him on Twitter at @newmarker. Editor-in-chief Jamie Hartford contributed to this report.