St. Jude lawsuit: Muddy Waters-MedSec report is false, manipulative

Photo credit: Getty/eccolo74

A lawsuit filed Wednesday by St. Jude Medical Inc. calls accusations leveled against the company by investment firm Muddy Waters Capital and security company MedSec for selling unsecure cardiac devices false and manipulative.

St. Jude also wants to “set the record straight” about its devices’ security, the company says in an announcement, calling the lawsuit “critical to the entire medical device ecosystem.”

“We recognize that the cybersecurity landscape is dynamic, which is why we partner with researchers, agencies, consultants and others to continually strengthen our security measures currently in place,” Phil Ebeling, vice president and chief technology officer at St. Jude Medical, says in the announcement. “We also have processes in place to encourage anyone with information about the security of our technology to share it with us so that we can enhance our technology for the benefit of patients.”

Muddy Waters stands by its report, according to the Wall Street Journal, with a spokesperson telling the newspaper that St. Jude is trying to “silence its critics.”

“We are always prepared to vigorously defend our right to criticize a company that puts its profits before its patients,” the spokesman says.

Financial details of the lawsuit were not disclosed, although St. Jude does want Muddy Waters and MedSec to give up any funds obtained as a result of the report, WSJ reports.

Researchers with the University of Michigan question the validity of the Muddy Waters report, saying that in working to recreate error messages discovered by MedSec, their evidence doesn’t support the report’s conclusions. For instance, Kevin Fu, a U-M associate professor of computer science and engineering and director of the Archimedes Center for Medical Device Security, says he and his colleagues believe that the St. Jude pacemaker is acting correctly for the battery of tests performed.