The St. Paul, Minn. -based company on Wednesday revealed that it has filed a lawsuit against Carson Block’s Muddy Waters and MedSec, the healthcare-focused cybersecurity research firm that provided the analysis in which the short-seller based its allegations on, and three individuals who are principals in these firm.
Advertisement
As iTWire reported, researchers from the Miami-based MedSec discovered that defibrillators and pacemakers made by St Jude had what they claimed were vulnerabilities in the software that could endanger lives. The devices should be recalled and sales halted while the flaws were fixed, the short-seller said then. The device maker was not given prior notice of the findings.
St. Jude rose 0.7 percent to $79.44 at 11:06 a.m.in NY.
“It is not unusual for a company like this to try to silence its critics”, Muddy Waters said in a statement.
“Our top priority is to reassure patients, caregivers and physicians who use our life-saving devices that we are committed to the security of our products and to ensure patients and their doctors maintain ongoing access to the proven clinical benefits of remote monitoring”, said Mark Carlson, vice president and chief medical officer at St. Jude Medical, in the release.
Muddy Waters, a well-known short seller, had taken a position against St Jude and meant to use MedSec’s vulnerability report to drive St Jude’s price down. The company’s complaint refers to the Muddy Waters and MedSec repeated false allegations that began on August 25, 2016 about St. Jude Medical’s implantable cardiac devices.
St. Jude shares were trading at about $80 at that time, and initially lost 5 percent; but they have since recovered much of that drop.
Block said his firm’s position was motivated by research from MedSec, which has a financial arrangement with Muddy Waters. It alleges that they intentionally and maliciously tried to “manipulate the securities markets for their own financial windfall through an unethical and unlawful scheme premised upon falsehoods and misleading statements”.
MedSec did not immediately respond to a request for comment. The company said cybersecurity risk assessment is part of its quality assurance system, and it has worked with a variety of groups, including the FDA and the Department of Homeland Security, to develop safeguards to prevent the types of attacks described in the report. MedSec has acknowledged that it would share in gains from Muddy Water’s short investment. For example, a red warning light that was interpreted as a device “crash” indicated that wires weren’t connected to a human heart.
In the lawsuit, St Jude Medical continues to refute the MedSec claims, noting that the device maker has taken a variety of measures addressing and improving security of its cardiac products.
The St. Jude lawsuit also claims that a team of medical device cybersecurity researchers at the University of MI subsequently “debunked” certain claims in the Muddy Waters report.
The lawsuit was filed in federal court in Minnesota.
Advertisement
Before it’s here, it’s on the Bloomberg Terminal.
