MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » Researchers: Short-seller’s claims about St. Jude Medical devices have ‘major flaws’

Researchers: Short-seller’s claims about St. Jude Medical devices have ‘major flaws’

By

St. Jude Medical's Merlin@homeA short-seller’s report that cardiac rhythm management devices made by St. Jude Medical (NYSE:STJ) are vulnerable to hackers has “major flaws” and doesn’t prove its allegations, according to researchers from the University of Michigan.

Muddy Waters, the firm founded by well-known short-seller Carson Block, last week aimed to disrupt the pending, $25 billion acquisition of St. Jude by Abbott (NYSE:ABT); in addition to his bet that STJ share prices will fall, Block is long on ABT shares. His shop and a startup cybersecurity business called MedSec alleged last week that St. Jude’s implanted cardiac rhythm management devices pose a cybersecurity risk due to vulnerabilities in the Merlin@home monitor.

The Little Canada, Minn.-based company immediately denied the charges and fired off a detailed rebuttal the next day; in response, Muddy Waters yesterday claimed that St. Jude instead proved the short-seller’s assertions. Today St. Jude said that the latest salvo from Muddy Waters, a video purporting to show a Merlin@home device succumbing to a hack, actually shows that the device functioned just as designed.

The U-M researchers said they reproduced the experiments cited in the MedSec report, reproducing error messages Muddy Waters cited as evidence of a “crash attack.”

“But the messages are the same set of errors that display if the device isn’t properly plugged in,” according to the researchers.

“We’re not saying the report is false. We’re saying it’s inconclusive, because the evidence does not support their conclusions. We were able to generate the reported conditions without there being a security issue,” explained Kevin Fu, an associate professor of computer science & engineering and director of the Archimedes Center for Medical Device Security.

When a CRM device’s leads are disconnected, Fu said, the device generates the series of error messages detailed in the Muddy Waters report as evidence of a security breach.

“But really, we believe the pacemaker is acting correctly,” he said. “To the armchair engineer it may look startling, but to a clinician it just means you didn’t plug it in. In layman’s terms, it’s like claiming that hackers took over your computer, but then later discovering that you simply forgot to plug in your keyboard.”

The allegations were barely a day old when a patient in Illinois filed a purported class action lawsuit on behalf of all Illinois residents implanted with “every pacemaker, implantable cardioverter-defibrillator, and cardiac resynchronization therapy pacemaker and/or defibrillator with radiofrequency (‘RF’) telemetry capability that was designed, manufactured, marketed, distributed or sold by the defendants,” according to the complaint, filed August 26 in the U.S. District Court for Central California.

Plaintiff Clinton Ross Jr. was implanted with a Quadra Assura cardiac resynchronization therapy defibrillator last November and used the Merlin@home device, according to the complaint.

“Plaintiff Ross was told that the Quadra Assura would be remotely monitored by his physician using the Merlin@home transmitter. Mr. Ross was additionally told that remote monitoring would not in any way affect the performance of the implanted device and that remote monitoring was safe and secure,” the complaint alleges. “Since learning of the security issues with his Quadra Assura and the Merlin@home transmitter, plaintiff Ross has, based on the recommendation of his physician, discontinued using the Merlin@home transmitter by unplugging the unit from the electrical outlet. Plaintiff Ross, again on the recommendation of his physician, does not intend to use the Merlin@home transmitter until the security issues with his Quadra Assura and the Merlin@home transmitter are resolved and will, therefore, be required to go in person to his doctor’s office to have his cardiac device monitored.”

Ross asserts claims for breach of express warranty, fraudulent concealment, negligence and unjust enrichment. He’s asking the court for class certification; restitution, damages and disgorgement “in an amount to be determined at trial;” pre- and post-judgment interest; and legal costs and fees, according to court documents.

“We want to emphasize that patient safety is and has always been our top priority. In this situation, we believe there are numerous inaccuracies in the complaint,” a St. Jude spokeswoman said in an email.

In case you missed it

RSS From Medical Design & Outsourcing

  • DTW Podcast: 10 ways medtech is finding its footing amid COVID-19
    When COVID-19 set upon the U.S. in March, medtech executives had a month at most to tell Wall Street analysts how the pandemic had hit the industry’s largest companies. We heard about short-term hits in revenues, procedures and employee headcounts, but uncertainty clearly ruled the day. Over the past few weeks, medtech executives from several… […]
  • 3M lays off another 1,700 workers, many related to former drug delivery business
    3M (NYSE:MMM) laid off another 1,700 workers during its second-quarter — with many of the jobs related to the company’s divested drug delivery business. The layoff — announced as part of an SEC filing on July 28 — comes after the Maplewood, Minn.–based manufacturing conglomerate said early this year that it would lay off 1,500 workers — though… […]
  • Millstone Medical completes headquarters expansion
    Millstone Medical Outsourcing has completed its previously announced headquarters expansion in Fall River, Mass. The expansion includes 60,000 square feet of state-of-the-art warehouse and office space that expands capacity in Fall River to 120,000 square feet of production space. The expansion includes 4,500 square feet of mechanical inspection, 31,000 square feet of warehouse area, and… […]
  • Confluent Medical opens catheter development center in Austin, Texas
    Confluent Medical this week announced it has opened a Complex Catheter Design and Development Center in Austin, Texas. The facility is a rapid-prototyping, development and pilot facility that expands the company’s ability to provide customers with electrophysiology and neuromuscular catheters and complex delivery systems for structural heart and vascular applications. Confluent Medical also said its […]
  • J&J’s Ethicon touts surgical stapler study
    Ethicon — part of Johnson & Johnson (NYSE:JNJ) — is highlighting new study results in which its Echelon powered stapler with gripping surface technology (GST) had a lower rate of bleeding-related complications than a competing Medtronic product. Ethicon funded the peer-reviewed study, which appears online in Medical Devices: Evidence and Research. The study compared the Echelon… […]
  • Instron to hold virtual biomedical testing open house
    Instron (Norwood, Mass.) plans to hold its first-ever virtual Biomedical Testing Open House, August 24–27. Register on Instron’s website. The online event will bring together materials testing experts for a mix of presentations and Q&A sessions. Topics will include  PPE and medical device testing, understanding regulatory standards, ensuring data integrity and traceability, and more. Experts… […]
  • Nolato Group acquires GW Plastics
    GW Plastics (Bethel, Vt.) announced today that the Nolato Group (Torekov, Sweden) has acquired it. Financial terms of the deal were not disclosed. GW Plastics’ seven global manufacturing facilities will join Nolato’s more than 25 facilities worldwide — creating a solid position for the newly merged company in North America, Asia and Europe. Officials at… […]
  • Abbott launches study of next-gen ablation catheter
    Abbott today announced it has enrolled the first participants in its TactiFlex PAF IDE study to evaluate the performance of the TactiFlex Ablation Catheter, Sensor-Enabled. The catheter is designed to treat people suffering from paroxysmal atrial fibrillation (PAF) with symptoms that are unable to be managed by medication. TactiFlex combines Abbott’s contact force-sensing technology within… […]
  • This implantable transmitter could provide a wireless option for biomedical devices
    The Purdue University research team is touting a fully implantable radio-frequency transmitter chip they developed for wireless sensor nodes and biomedical devices. The transmitter chip consumes the lowest amount of energy per digital bit among similar technologies published to date, according to the researchers, who published their results in the journal IEEE Transactions on Circuits… […]
  • How a Mars rover is enabling better surgical robots
    From the Perseverance Mars Rover on its way to Mars to race cars, maxon (Taunton, Mass.) credits the aerospace and automotive industries with presenting demanding design challenges that are bearing fruit in other spaces such as surgical robotics. The company’s GPX UP planetary gearbox, for example, is well-suited to provide haptic feedback for surgeons because it… […]
  • Australian researchers think they’ve found a way to attach hydrogels to medical implants
    A research team at the University of Sydney said that it developed a plasma technology to attach hydrogels to polymeric materials. In a paper published in Advanced Functional Materials, the team of biomedical engineers said the plasma technology attaches the jelly-like hydrogel substances that are structurally similar to human soft tissue to the polymeric materials,… […]

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing
Medical Tubing + Extrusion

MASSDEVICE

Subscribe to MassDevice
Advertise with us
About
Contact us

Add us on Facebook Follow us on Twitter Connect with us on LinkedIn Follow us on YouTube