St. Jude Denies Report Its Heart Devices Are Vulnerable to Cyberattacks -- Update
August 26 2016 - 5:52PM
Dow Jones News
By Ezequiel Minaya
St. Jude Medical Inc. on Friday denied allegations made by a
research firm that its pacemakers and other heart devices were
vulnerable to hacking and other cybersecurity threats.
"St. Jude Medical stands behind the security and safety of our
devices as confirmed by independent third parties and supported
through our regulatory submissions," the company said Friday.
The medical-device maker's comments follow a report by Muddy
Waters Capital LLC, which is known for shorting stocks, or betting
that a company's share price will fall. Muddy Waters has said it
has a short position in St. Jude.
In its report, Muddy Waters said it had seen demonstrations of
cyberattacks against St. Jude devices, citing the work of
cybersecurity startup MedSec. A call seeking a response from a
Muddy Waters representative on St. Jude's comments wasn't
immediately returned.
After the release of the Muddy Waters report on Thursday, St.
Jude's stock slipped 5% and fell an additional 2.6% Friday before
the medical-device maker issued its response.
Following the St. Jude statement, the company's stock ended the
day at $78.01, up 19 cents from its close Thursday.
"We conclude that the report is false and misleading," St. Jude
officials said.
In its report, Muddy Waters claims that St. Jude's heart
devices, such as its defibrillators and pacemakers, are vulnerable
to two types of cyberattacks: one in which the device's system is
"crashed" and a second in which the battery of the device is
drained.
Muddy Waters said that the vulnerable heart devices represented
about 46% of St. Jude's total 2015 revenue of $5.54 billion. The
firm added that even without a recall of devices "the product
safety issues we present in this report offer unnecessary health
risks and should receive serious notice among hospitals, physicians
and cardiac patients."
St. Jude, in its defense, said it has worked with various
experts and regulators involved in cybersecurity to build
safeguards into its devices. "The flawed test methodology on
outdated software demonstrates fundamental lack of understanding of
medical device technology," St. Jude said of the Muddy Waters
report.
St. Jude also said Muddy Waters's battery-draining claims
amounted to exaggerations because an attack would require a hacker
to be within 7 feet of a device for several days to have a chance
to be successful.
"In the unlikely instance that was to occur, the implanted
devices are designed to provide a vibratory patient alert if the
battery dips below a certain threshold to protect and notify
patients," the company said.
The St. Paul, Minn.,-based St. Jude is in the process of getting
bought by Illinois-based Abbott Laboratories in a cash-and-stock
deal valued at $25 billion. An Abbott representative was
unavailable for comment Friday.
Write to Ezequiel Minaya at ezequiel.minaya@wsj.com
(END) Dow Jones Newswires
August 26, 2016 17:37 ET (21:37 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.
SJM (NYSE:STJ)
Historical Stock Chart
From Mar 2024 to Apr 2024
SJM (NYSE:STJ)
Historical Stock Chart
From Apr 2023 to Apr 2024