St. Jude Medical stated that its analysis concluded that the majority of the observations in the report apply to older versions of the Merlin@home devices that have not been updated through an automated remote upgrade process.

“We are confident in the technology that we provide and in our process for continuously building upon our security protocols and processes. We want to reassure our patients that our systems meet the highest international security requirements, as required by regulatory authorities and international standards organizations,” St. Jude Medical stated in its response.


Meanwhile, some doctors and researchers at the University of Michigan are saying the Muddy Waters and MedSec report had its own problems. The UM researchers, which include several leading medical device experts and a cardiologist, said they conducted their own experiments with the devices.

“We’re not saying the report is false. We’re saying it’s inconclusive because the evidence does not support their conclusions. We were able to generate the reported conditions without their being a security issue,” Kevin Fu, U-M associate professor of computer science and engineering, and directors of the Archimedes Center for Medical Device Security said, according to the University of Minnesota College of Engineering.

Fu and his colleagues said they believed the pacemaker was acting correctly, but may not have been plugged in properly.

UM researchers said that despite their findings, medical device manufacturers should always be looking to improve the cybersecurity of their products. They noted they will continue to investigate the claims in the Muddy Waters report.

The U.S. Food and Drug Administration also said it is investigating the Muddy Waters claims but did not recommend any changes at this time.

“At the present time, patients should continue to use their devices as instructed and not change any implanted devices. FDA will provide updates as we learn more. In the interim, if a patient has a question or concern, they should talk with their doctor,” FDA spokesperson Andrea Fischer said in an email to the Star Tribune.

The allegations, which did cause the stock to drop for a time, could also impact the planned acquisition of the company by Abbott Laboratories. The Bloomberg.com story noted that if the claims were proven, it could halt the sale of the company or at least lead to a renegotiation of the deal. Abbott announced in April it was buying St. Jude Medical for about $25 billion. The sale is expected to close by the end of the year.

Back to HCB News

Cardiology Homepage