(Reuters) — Short-selling firm Muddy Waters said in a legal filing on Monday that outside experts it hired validated its claims that St. Jude Medical Inc cardiac implants are vulnerable to potentially life-threatening cyber attacks.
U.S. regulators responded by reiterating previous advice that patients should keep using the devices, and a St. Jude spokeswoman said the company would respond “through appropriate legal channels.”
READ MORE: Health Canada recalls St. Jude defibrillators over faulty battery after 2 deaths
Muddy Waters released a 53-page report from boutique cyber security firm Bishop Fox as part of a legal filing in federal court in Minnesota in its defense against a suit brought by St. Jude. Bishop Fox said in the report it validated the claims with help from well-known specialists in cryptography, computer hardware hacking, forensics and wireless communications, and cyber research firm MedSec Holdings that St. Jude cardiac implants are susceptible to hacking.
St. Paul, Minnesota-based St. Jude has strongly disputed those claims, which are under investigation by the U.S. Food and Drug Administration.
One of the world’s biggest makers of implantable cardiac devices, St. Jude filed a lawsuit against San Francisco-based Muddy Waters, Miami-based MedSec and individuals affiliated with those firms on Sept. 7.
St. Jude accused them of intentionally disseminating false information about its heart devices to manipulate its stock price, which fell 5 percent the day they went public with their claims.
WATCH: B.C. doctors use Chinese-made device to fix leaky heart valve
The FDA said in a statement it had no comment on the litigation but that based on information obtained to date it urged patients to continue using devices as directed by their physicians.
“The benefits of the devices far outweigh any potential cyber security vulnerabilities,” the FDA said of St. Jude’s cardiac implants, which the company said have been implanted in hundreds of thousands of patients.
St. Jude spokeswoman Candace Steele Flippin said the company’s lawyers were reviewing the documents from Muddy Waters and MedSec.
Short sellers like Muddy Waters make bets that stock prices will fall, selling borrowed shares so they can buy them at a lower price and profit from the difference.
- Shoppers faces proposed class action over claims company is ‘abusive’ to pharmacists
- Most Canadian youth visit dentists, but lack of insurance a barrier
- ‘Bacterial vampirism’: Deadly pathogens attracted to human blood, study finds
- Budget 2024: Liberals look to offset drug plan cost with higher smoking, vaping taxes
READ MORE: Study says tiny wireless pacemaker OK; doctors reluctant to use it widely
The report said the wireless communications in St. Jude cardiac devices are vulnerable to hacking, making it possible for hackers to convert the company’s Merlin@home patient monitoring devices into “weapons” that can cause cardiac implants to stop providing care and deliver shocks to patients.
Bishop Fox said it conducted successful test attacks from 3 metres away, but that the range might be extended to as far as 30 metres with an antenna and a specialized device known as a software defined radio.
The report said Bishop Fox confirmed that several different types of hacks were possible. In one instance, it said, a hacker could remotely turn off the therapeutic functions of an implantable cardioverter defibrillator (ICD), then send a T-wave shock to a patient’s heart, causing ventricular fibrillation, would could lead to cardiac arrest.
Comments