St Jude’s Medical Devices Pose ‘Serious Security Vulnerabilities’ Security Consulting Firm Says


St Jude’s Medical Devices Pose ‘Serious Security Vulnerabilities’ Security Consulting Firm Says

Muddy Waters, a short selling fund managed by Carson Black, hounded St. Jude Medical (NYSE: STJ) for allegedly selling its pacemaker devices with knowledge that it poses a cyber security threat.

St. Jude responded with a lawsuit against the short selling firm.  In return, Muddy Waters issued a legal response over the weekend, noting that its claims are of the highest public interest and concern.

To further support its claim that St. Jude’s devices are vulnerable to a cyber attack, Muddy Waters hired a security consulting firm called Bishop Fox to opine on the the company’s devices.

Bishop Fox’s lead expert, Carl Livitt, concluded from his research:

“My overall opinion regarding the security of the St. Jude Medical implantable cardiac device ecosystem is that the security measures I observed do not meet the security requirements of a system responsible for safeguarding life-sustaining equipment implanted in patients.”

Specifically, the wireless protocol that St. Jude Medical’s devices use has serious security vulnerabilities that do indeed make it possible for individuals to gain access to the device and convert the medical device into a weapon that can deliver shocks.

Bishop Fox’s analysis also showed how an attack using antennas and specialized devices could result in a criminal gaining access to the medical device as far away as 100 feet (30 meters).

FDA Jumps In

The U.S. Food and Drug Administration (FDA) jumped in on publicly commented on the ongoing allegations made by Muddy Waters.

The regulatory authority, according to a Reuters report, said that St. Jude’s clients should continue using the device.  In terms of the legal proceedings between the company and short seller, the regulatory body won’t comment on the litigation.

The FDA also noted that they believe the benefits of the devices far outweigh any potential security vulnerabilities.

A St. Jude spokesperson also confirmed with Reuters that its lawyers are reviewing the documents that Muddy Waters filed.

The spokesperson, Candace Steele Flippin, was also quoted by Reuters saying that a lawsuit is “the best course of action to make sure those looking to profit by trying to frighten patients and caregivers are held accountable for their actions.”