Stock trading was halted Friday as St. Jude issued a longer rebuttal to Muddy Waters Capital's claims that St. Jude implantable cardio devices have major cybersecurity problems.
St. Jude Medical on Friday accused activist investor firm Muddy Waters Capital and cybersecurity outfit MedSec of releasing a false and misleading report about the security of St. Jude devices.
The report had sent St. Jude stock down nearly 5% in value on Thurday after its release. But investors seemed calmed Friday by St. Jude's announcement: St. Jude's stock was down another 3% for the day before trading temporarily halted in the afternoon for the announcement, after which the stock rebounded to its starting point for the day at roughly $78 per share.
Such accusations from a short-selling, activist investment firm come at a delicate time for St. Jude Medical. Abbott Labs is in the process of acquiring St. Jude for $25 billion. Abbott officials have already become lukewarm over another merger they were planning: the $6 billion purchase of diagnostics company Alere, which is now suing Abbott to get the deal completed.
Muddy Waters and MedSec have claimed appalling security problems related to a host of St. Jude cardio devices. They mentioned demonstrations of two types of attacks against St. Jude implantable cardiac devices: a "crash" attack leading to device malfunction or even pacing at a dangerous rate, and a battery drain attack. The weak spot in St. Jude's device ecosystem is its Merlin@home home monitoring systems, which Muddy Waters and MedSec described as "keys to the castle."
- It relied on observations of older Merlin@home units that do not receive the automatic security updates that newer Merlin@home units receive when connected to the Internet. Even if a Merlin@home unit is not in use, it will automatically update when it comes back on line.
- The report claimed an attack could be randomly directed at a St. Jude cardiac device within a roughly 50-foot radius, but the company's implantable devices only have wireless communication within a 7-foot range.
- A screenshot of a Merlin programmer in the Muddy Waters report shows a device that is actually functioning normally, demonstrating a "fundamental lack of understanding of medical device technology" among the report's authors.
TAVR and TMVR are among the hottest technologies in medtech right now. Learn what it takes to innovate in the structural heart space at the MD&M Minneapolis conference on September 21. Qmed readers get 20% off with promo code Qmed16.
Like what you're reading? Subscribe to our daily e-newsletter.
[Image by Corwinhee - Own work, CC BY-SA 4.0]