MD+DI Online is part of the Informa Markets Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Muddy Waters: Here's Proof St. Jude Is Vulnerable

The short-selling investment firm has posted video that it says demonstrates a St. Jude Medical pacemaker being hacked.

Chris Newmarker

Muddy Waters on Monday fired back at St. Jude Medical's claims that the investment firm had released a false and misleading report claiming major cybersecurity vulnerabilities with St. Jude implantable cardio devices. 

"STJ's response contained very little substance, and actually included admissions to several key points. ... There were two components to STJ's response: substance (~20%) and fluff (~80%)," Muddy Waters said in a statement. And it also posted a video that it claims shows the hacking of a St. Jude medical pacemaker.

The result was another day of erratic stock trading for the Minnesota-based medical device company, which is in the process of being acquired by Abbott Labs for $25 billion. St. Jude Medical stock, though, still managed to end Monday slightly up.

Muddy Waters and MedSec have claimed appalling security problems related to a host of St. Jude cardio devices. They mentioned demonstrations of two types of attacks against St. Jude implantable cardiac devices: a "crash" attack leading to device malfunction or even pacing at a dangerous rate, and a battery drain attack. The weak spot in St. Jude's device ecosystem is its Merlin@home home monitoring systems, which Muddy Waters and MedSec described as "keys to the castle."

Structural Heart Opportunities and Challenges

TAVR and TMVR are among the hottest technologies in medtech right now. Learn what it takes to innovate in the structural heart space at the MD&M Minneapolis conference on September 21. Qmed readers get 20% off with promo code Qmed16.

Chris Newmarker is senior editor of Qmed. Follow him on Twitter at @newmarker. Editor-in-chief Jamie Hartford contributed to this report.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.