St. Jude faces more pushback in pump cybersecurity suit

(Star Tribune)

St. Jude ($STJ) has argued that its cardiac implants aren’t vulnerable to hackers, even though a short-selling firm, Muddy Waters, has suggested otherwise. Now, the company is facing more pushback after the firm released a report showing the devices’ vulnerability.

The 53-page report, which Muddy Waters got from boutique cyber security firm Bishop Fox, said that wireless communications in St. Jude cardiac devices are open to hacking, Reuters reports. Several types of attacks are possible, including hackers turning off the device from afar or sending shocks to a patient’s heart.

St. Jude isn’t taking the findings lightly. The St. Paul, MN-based company will respond to the claims “through appropriate legal channels,” a St. Jude spokeswoman told Reuters, potentially adding to the legal drama that started last month.

In September, St. Jude sued San Francisco-based Muddy Waters and Miami-based short-selling firm MedSec for allegedly giving out false information about its heart devices to change its stock price. Muddy Waters and MedSec previously raised concerns about the company’s implants, and St. Jude stock fell 5% the day they went public with their claims.

The latest report is part of Muddy Waters' and MedSec's defense. St. Jude's lawyers are reviewing the documents from Muddy Waters and MedSec, Candace Steele Flippin, a company spokeswoman, told Reuters.

"We continue to feel this lawsuit is the best course of action to make sure those looking to profit by trying to frighten patients and caregivers are held accountable for their actions," Flippin said in an email to the news outlet.

Muddy Waters and MedSec aren’t going down without a fight. St. Jude’s devices have “significant security vulnerabilities,” the report said. “Muddy Waters’ and MedSec’s statement regarding security issues in the St. Jude Medical implant ecosystem were, by and large, accurate,” the report said, as quoted by Reuters.

Meanwhile, the FDA is looking into claims about the implants' security. For the time being, patients should continue to use the devices because their benefits outweigh their risks, regulators said.