“Together, the company will compete in nearly every area of the $30 billion cardiovascular market and hold the No. 1 or 2 positions across large and high-growth cardiovascular device markets,” according to the company.

It is estimated that the combined cardiovascular and neuromodulation portfolio will hit about $8.7 billion in annual sales.

Cybersecurity concerns about the St. Jude Medical device surfaced in Fall 2016 when short seller Muddy Waters and security firm Medsec raised alarms.

St. Jude fired back four days later, stating that, “we have examined the allegations made by (Muddy Waters) Capital and MedSec on August 25, 2016, regarding the safety and security of our pacemakers and defibrillators, and while we would have preferred the opportunity to review a detailed account of the information, based on available information, we conclude that the report is false and misleading,” the company stated. “Our top priority is to reassure our patients, caregivers and physicians that our devices are secure, and to ensure ongoing access to the proven clinical benefits of remote monitoring. St. Jude Medical stands behind the security and safety of our devices as confirmed by independent third parties and supported through our regulatory submissions.”

Carson Block, head of Muddy Waters, announced the firm was short-selling the St. Jude Medical stock because of the alleged security risks, and called for the equipment to be recalled and sales of the devices to be stopped until changes could be made.

“The nightmare scenario is [that] somebody is able to launch a mass attack and cause these devices that are implanted to malfunction,” Block said in an interview at the time. The company “should stop selling these devices until it has developed a new, secure communication protocol.”

Muddy Waters said MedSec raised the concerns with it three months earlier. The company, which includes several hackers such as CEO Justine Bone, told Muddy Waters it had been trying to find security flaws in medical devices from major manufacturers and determined that the St. Jude products had an “astounding” level of problems, according a Bloomberg report at the time.

In September 2016, St. Jude announced that it was suing Muddy Waters Consulting, Muddy Waters Capital, MedSec Holdings, MedSec, and three individuals, all principals in the firms, over the claims, which it called “false.”

"We felt this lawsuit was the best course of action to make sure those looking to profit by trying to frighten patients and caregivers, and by circumventing appropriate and established channels for raising cybersecurity concerns, to not use this avenue to do so again,” said Michael T. Rousseau, then-president and chief executive officer at St. Jude Medical. "We believe this lawsuit is critical to the entire medical device ecosystem — from our patients who have our life saving devices, to the physicians and caregivers who care for them, to the responsible security researchers who help improve security, to the long-term St. Jude Medical investors who incurred losses due to false accusations as part of a wrongful profit-making scheme."

Back to HCB News

Health IT Homepage