Skip to content Skip to navigation

St. Jude Medical Sues Muddy Waters Over Allegations about the Security of its Cardiac Medical Devices

September 8, 2016
by Heather Landi
| Reprints

St. Jude Medical announced that it has filed a lawsuit against Muddy Waters Consulting LLC, Muddy Waters Capital LLC, MedSec Holdings, Ltd. and MedSec LLC on the basis of alleged false statements, false advertising, conspiracy and the related manipulation of the public markets stemming from a report alleging poor security on its cardiac medical devices.

The lawsuit is in connection to a report from short selling firm Muddy Waters released last month that noted demonstrations of cyber attacks to two of St. Jude Medical’s implantable cardiac management devices. Several days after the report was released, as reported by Healthcare Informatics, St. Jude Medical officials responded by refuting the claims by Muddy Waters and MedSec regarding the safety and security of its pacemakers and defibrillators.

The Minnesota-based global medical device manufacturer saw its shares drop after the Muddy Waters Capital report came out, according to media reports. The lawsuit is against Muddy Waters and its cybersecurity research partner MedSec as well as three individual defendants who are principals in the firms. The lawsuit was filed in the United States District Court for the District of Minnesota

In a press release, St. Jude Medical officials stated, “With this action, St. Jude Medical seeks to hold these firms and individuals accountable for their false and misleading tactics, to set the record straight about the security of its devices, and to help cardiac patients and their doctors make informed medical decisions about products that enhance and save lives every day.”

Michael T. Rousseau, president and chief executive officer at St. Jude Medical said in a prepared statement that the company was turning to the court to hold Muddy Waters and MedSec accountable for what he referred to as financially motivated scare tactics. ““We felt this lawsuit was the best course of action to make sure those looking to profit by trying to frighten patients and caregivers, and by circumventing appropriate and established channels for raising cybersecurity concerns, do not use this avenue to do so.”

St. Jude Medical officials stated, “The lawsuit filed today alleges that Muddy Waters, MedSec and the other defendants intentionally disseminated false and misleading information in order to lower the value of St. Jude Medical’s stock and to wrongfully profit from a drop in share value through a short-selling scheme. The company’s complaint refers to the Muddy Waters and MedSec repeated false allegations that began on August 25, 2016 about St. Jude Medical’s implantable cardiac devices. As further explained in the company’s complaint, the defendants’ financially self-interested attempts to mislead doctors and patients demonstrate a total disregard for the patients whose lives depend on their cardiac management devices.”

According to St. Jude Medical, the complaint also cites a third-party assessment of the Muddy Waters Report by University of Michigan researchers “who found that ‘the evidence does not support their conclusions… [the University of Michigan researchers] were able to generate the reported conditions without there being a security issue.’”




ONC National Coordinator Gets Live Look at Carequality Data Exchange

Officials from Carequality have stated that there are now more than 150,000 clinicians across 11,000 clinics and 500 hospitals live on its network. These participants are also able to share health data records with one another, regardless of technology vendor.

American Red Cross, Teladoc to Provide Telehealth Services to Disaster Victims

The American Red Cross announced a partnership with Teladoc to deliver remote medical care to communities in the United States that are significantly affected by disasters.

Report: The Business of Cybercrime in Healthcare is Growing

While stolen financial data still has a higher market value than stolen medical records, as financial data can be monetized faster, there are indications that there is ongoing development of a market for stolen medical data, according to an Intel Security McAfee Labs report.

Phishing Attack at Baystate Health Potentially Exposes Data of 13K Patients

A phishing scam at Baystate Health in Springfield, Mass. has potentially exposed the personal data of 13,000 patients, according to a privacy statement from the patient care organization and a report from MassLive.

New Use Cases Driving Growth in Health Data Exchange through Direct

In an update, DirectTrust reported significant growth in Direct exchange of health information and the number of trusted Direct addressed enabled to share personal health information (PHI) in the third quarter of 2016.

Insurers to CBO: Consider Private Insurers’ Data in Evaluations of Telemedicine

Eleven private insurers, including Aetna, Humana and Anthem, are urging the Congressional Budget Office (CBO) to consider the experience of commercial insurers when evaluating the impact of telemedicine coverage in Medicare.