MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » Researchers: Short-seller’s claims about St. Jude Medical devices have ‘major flaws’

Researchers: Short-seller’s claims about St. Jude Medical devices have ‘major flaws’

By

St. Jude Medical's Merlin@homeA short-seller’s report that cardiac rhythm management devices made by St. Jude Medical (NYSE:STJ) are vulnerable to hackers has “major flaws” and doesn’t prove its allegations, according to researchers from the University of Michigan.

Muddy Waters, the firm founded by well-known short-seller Carson Block, last week aimed to disrupt the pending, $25 billion acquisition of St. Jude by Abbott (NYSE:ABT); in addition to his bet that STJ share prices will fall, Block is long on ABT shares. His shop and a startup cybersecurity business called MedSec alleged last week that St. Jude’s implanted cardiac rhythm management devices pose a cybersecurity risk due to vulnerabilities in the Merlin@home monitor.

The Little Canada, Minn.-based company immediately denied the charges and fired off a detailed rebuttal the next day; in response, Muddy Waters yesterday claimed that St. Jude instead proved the short-seller’s assertions. Today St. Jude said that the latest salvo from Muddy Waters, a video purporting to show a Merlin@home device succumbing to a hack, actually shows that the device functioned just as designed.

The U-M researchers said they reproduced the experiments cited in the MedSec report, reproducing error messages Muddy Waters cited as evidence of a “crash attack.”

“But the messages are the same set of errors that display if the device isn’t properly plugged in,” according to the researchers.

“We’re not saying the report is false. We’re saying it’s inconclusive, because the evidence does not support their conclusions. We were able to generate the reported conditions without there being a security issue,” explained Kevin Fu, an associate professor of computer science & engineering and director of the Archimedes Center for Medical Device Security.

When a CRM device’s leads are disconnected, Fu said, the device generates the series of error messages detailed in the Muddy Waters report as evidence of a security breach.

“But really, we believe the pacemaker is acting correctly,” he said. “To the armchair engineer it may look startling, but to a clinician it just means you didn’t plug it in. In layman’s terms, it’s like claiming that hackers took over your computer, but then later discovering that you simply forgot to plug in your keyboard.”

The allegations were barely a day old when a patient in Illinois filed a purported class action lawsuit on behalf of all Illinois residents implanted with “every pacemaker, implantable cardioverter-defibrillator, and cardiac resynchronization therapy pacemaker and/or defibrillator with radiofrequency (‘RF’) telemetry capability that was designed, manufactured, marketed, distributed or sold by the defendants,” according to the complaint, filed August 26 in the U.S. District Court for Central California.

Plaintiff Clinton Ross Jr. was implanted with a Quadra Assura cardiac resynchronization therapy defibrillator last November and used the Merlin@home device, according to the complaint.

“Plaintiff Ross was told that the Quadra Assura would be remotely monitored by his physician using the Merlin@home transmitter. Mr. Ross was additionally told that remote monitoring would not in any way affect the performance of the implanted device and that remote monitoring was safe and secure,” the complaint alleges. “Since learning of the security issues with his Quadra Assura and the Merlin@home transmitter, plaintiff Ross has, based on the recommendation of his physician, discontinued using the Merlin@home transmitter by unplugging the unit from the electrical outlet. Plaintiff Ross, again on the recommendation of his physician, does not intend to use the Merlin@home transmitter until the security issues with his Quadra Assura and the Merlin@home transmitter are resolved and will, therefore, be required to go in person to his doctor’s office to have his cardiac device monitored.”

Ross asserts claims for breach of express warranty, fraudulent concealment, negligence and unjust enrichment. He’s asking the court for class certification; restitution, damages and disgorgement “in an amount to be determined at trial;” pre- and post-judgment interest; and legal costs and fees, according to court documents.

“We want to emphasize that patient safety is and has always been our top priority. In this situation, we believe there are numerous inaccuracies in the complaint,” a St. Jude spokeswoman said in an email.

In case you missed it

RSS From Medical Design & Outsourcing

  • CVRx CEO Nadim Yared suggests steps toward improving diversity and equality
    In this week’s episode of DeviceTalks Weekly, we follow up with last week’s guest, Nadim Yared, CEO of CVRx, to catch up on how the medtech executive is managing during the pandemic. Yared also shares some far-reaching views on what the medtech industry needs to work toward to improve diversity in its workforce and provide… […]
  • Ogura Industrial touts holding brakes for robotic and medical equipment
    As automation continues to accelerate, there’s a growing need to hold equipment in place in the case of a power failure — or to provide positioning, according to Ogura Industrial, maker of six different styles of holding brakes. With roughly 120 standard models, key features of Ogura Industrial’s holding brake families include brake diameters down… […]
  • What kinds of COVID-19 tests are out there?
    Months into the pandemic, the FDA continues to grant emergency use approval (EUA) to new tests to detect the virus that causes COVID-19 and the antibodies that indicate a person has had it. To date, the FDA has granted EUAs for 171 tests —142 molecular tests, 27 antibody tests, and 2 antigen tests. Given the ever-changing… […]
  • FDA plans to resume onsite inspections later this month
    FDA has a goal of restarting on-site inspections during the week of July 20 — four months after it temporarily halted them — though there will be changes due to the COVID-19 pandemic. The agency today said that it will pre-announce inspections to FDA-regulated businesses. Said FDA: “This will help assure the safety of the… […]
  • Formlabs announces new biocompatible, medical-grade resins
    Formlabs, the Somerville, Mass.–based maker of 3D printers, recently announced six new materials across its Form 3, Form 3B, and Form 2 SLA 3D printers — including two new biocompatible, medical-grade resins. The new material families and resins are meant to provide more options for designers and engineers in fields including: Healthcare — with a… […]
  • Magnolia Medical launches Steripath Gen2 with integrated syringe
    Magnolia Medical this week said it launched its Steripath Gen2 Initial Specimen Diversion Device with an integrated syringe. The device is designed for reducing blood culture contamination in “hard stick” patients and syringe collection protocols. Steripath Gen2 features an integrated syringe that addresses difficult intravenous access. It offers precise control to carefully collect blood samples.… […]
  • How Frankenstein sparked Earl Bakken’s love of medical devices
    When the late Medtronic founder Earl Bakken first watched the classic horror movie “Frankenstein” in the 1930s, it did more than just scare: It inspired. “What intrigued me the most as I sat through the movie again and again, was the creative spark of Dr. Frankenstein’s electricity,” Bakken said in his 1990 autobiography “One Man’s… […]
  • Boston researchers have created a potential N95 mask alternative
    Brigham & Women’s Hospital says it is developing a new, sustainable alternative to N95 respirator masks that are in demand during the COVID-19 pandemic. A team of bioengineers and clinical experts at the Boston-based hospital and the Massachusetts Institute of Technology (MIT) are working on the “injection molded autoclavable, scalable, conformable” iMASC system for providing… […]
  • MIT researchers think they’ve found a way to get more particles through a syringe
    Researchers at the Massachusetts Institute of Technology (MIT) are touting a computational model that could prevent microparticle clogging during injections. Microparticles, which are about the size of a grain of sand, can be difficult to inject if they get clogged in a typical syringe. The research team at MIT developed this new model that determines… […]
  • Fotofab adds direct-imaging machine for chemical etching
    Fotofab announced this week that it has acquired a new Chime Ball Technologies direct-imaging (DI) machine from Technica, USA to optimize its chemical etching process and provide a more advanced level of precision and speed for thin metal parts. The DI machine has CBT’s patented finger-print technology with LED lighting that enables Fotofab to directly… […]
  • Could this heated air filter help fight COVID-19?
    University of Houston researchers and medical real estate development firm Medistar claim that they’ve designed an air filter that can catch and instantly kill the virus that causes COVID-19. Galveston National Laboratory tests on the filter found it killed 99.8% of SARS-CoV-2 virus in a single pass — as well as 99.9% of anthrax spores,… […]

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing
Medical Tubing + Extrusion

MASSDEVICE

Subscribe to MassDevice
Advertise with us
About
Contact us

Add us on Facebook Follow us on Twitter Connect with us on LinkedIn Follow us on YouTube