• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Advertise
  • Subscribe

MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

  • Latest News
  • Technologies
    • Artificial Intelligence (AI)
    • Cardiovascular
    • Orthopedics
    • Neurological
    • Diabetes
    • Surgical Robotics
  • Business & Finance
    • Wall Street Beat
    • Earnings Reports
    • Funding Roundup
    • Mergers & Acquisitions
    • Initial Public Offering (IPO)
    • Legal News
    • Personnel Moves
    • Medtech 100 Stock Index
  • Regulatory & Compliance
    • Food & Drug Administration (FDA)
    • Recalls
    • 510(k)
    • Pre-Market Approval (PMA)
    • MDSAP
    • Clinical Trials
  • Special Content
    • Special Reports
    • In-Depth Coverage
    • DeviceTalks
  • Podcasts
    • MassDevice Fast Five
    • DeviceTalks Weekly
    • OEM Talks
      • AbbottTalks
      • Boston ScientificTalks
      • DeviceTalks AI
      • IntuitiveTalks
      • MedtechWOMEN Talks
      • MedtronicTalks
      • Neuro Innovation Talks
      • Ortho Innovation Talks
      • Structural Heart Talks
      • StrykerTalks
  • Resources
    • About MassDevice
    • DeviceTalks
    • Newsletter Signup
    • Leadership in Medtech
    • Manufacturers & Suppliers Search
    • MedTech100 Index
    • Videos
    • Webinars
    • Whitepapers
    • Voices
Home » Researchers: Short-seller’s claims about St. Jude Medical devices have ‘major flaws’

Researchers: Short-seller’s claims about St. Jude Medical devices have ‘major flaws’

August 30, 2016 By Brad Perriello

St. Jude Medical's Merlin@homeA short-seller’s report that cardiac rhythm management devices made by St. Jude Medical (NYSE:STJ) are vulnerable to hackers has “major flaws” and doesn’t prove its allegations, according to researchers from the University of Michigan.

Muddy Waters, the firm founded by well-known short-seller Carson Block, last week aimed to disrupt the pending, $25 billion acquisition of St. Jude by Abbott (NYSE:ABT); in addition to his bet that STJ share prices will fall, Block is long on ABT shares. His shop and a startup cybersecurity business called MedSec alleged last week that St. Jude’s implanted cardiac rhythm management devices pose a cybersecurity risk due to vulnerabilities in the Merlin@home monitor.

The Little Canada, Minn.-based company immediately denied the charges and fired off a detailed rebuttal the next day; in response, Muddy Waters yesterday claimed that St. Jude instead proved the short-seller’s assertions. Today St. Jude said that the latest salvo from Muddy Waters, a video purporting to show a Merlin@home device succumbing to a hack, actually shows that the device functioned just as designed.

The U-M researchers said they reproduced the experiments cited in the MedSec report, reproducing error messages Muddy Waters cited as evidence of a “crash attack.”

“But the messages are the same set of errors that display if the device isn’t properly plugged in,” according to the researchers.

“We’re not saying the report is false. We’re saying it’s inconclusive, because the evidence does not support their conclusions. We were able to generate the reported conditions without there being a security issue,” explained Kevin Fu, an associate professor of computer science & engineering and director of the Archimedes Center for Medical Device Security.

When a CRM device’s leads are disconnected, Fu said, the device generates the series of error messages detailed in the Muddy Waters report as evidence of a security breach.

“But really, we believe the pacemaker is acting correctly,” he said. “To the armchair engineer it may look startling, but to a clinician it just means you didn’t plug it in. In layman’s terms, it’s like claiming that hackers took over your computer, but then later discovering that you simply forgot to plug in your keyboard.”

The allegations were barely a day old when a patient in Illinois filed a purported class action lawsuit on behalf of all Illinois residents implanted with “every pacemaker, implantable cardioverter-defibrillator, and cardiac resynchronization therapy pacemaker and/or defibrillator with radiofrequency (‘RF’) telemetry capability that was designed, manufactured, marketed, distributed or sold by the defendants,” according to the complaint, filed August 26 in the U.S. District Court for Central California.

Plaintiff Clinton Ross Jr. was implanted with a Quadra Assura cardiac resynchronization therapy defibrillator last November and used the Merlin@home device, according to the complaint.

“Plaintiff Ross was told that the Quadra Assura would be remotely monitored by his physician using the Merlin@home transmitter. Mr. Ross was additionally told that remote monitoring would not in any way affect the performance of the implanted device and that remote monitoring was safe and secure,” the complaint alleges. “Since learning of the security issues with his Quadra Assura and the Merlin@home transmitter, plaintiff Ross has, based on the recommendation of his physician, discontinued using the Merlin@home transmitter by unplugging the unit from the electrical outlet. Plaintiff Ross, again on the recommendation of his physician, does not intend to use the Merlin@home transmitter until the security issues with his Quadra Assura and the Merlin@home transmitter are resolved and will, therefore, be required to go in person to his doctor’s office to have his cardiac device monitored.”

Ross asserts claims for breach of express warranty, fraudulent concealment, negligence and unjust enrichment. He’s asking the court for class certification; restitution, damages and disgorgement “in an amount to be determined at trial;” pre- and post-judgment interest; and legal costs and fees, according to court documents.

“We want to emphasize that patient safety is and has always been our top priority. In this situation, we believe there are numerous inaccuracies in the complaint,” a St. Jude spokeswoman said in an email.

Filed Under: Cardiovascular, Legal News, Wall Street Beat Tagged With: stjudemedical

More recent news

  • Comphya raises CHF 7.5 million for neurostim to treat ED
  • Fujifilm launches intelligent automation features for digital radiography
  • Integer appoints former iRhythm CEO to board
  • MMI debuts robotic surgery instruments, digital surgery platform
  • Synchrony Medical wins FDA nod for airway clearance system

Primary Sidebar

“md
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest med device regulatory, business and technology news.

DeviceTalks Weekly

See More >

MEDTECH 100 Stock INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.
MDO ad

Footer

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing
Medical Tubing + Extrusion
Drug Discovery & Development
Pharmaceutical Processing World
MedTech 100 Index
R&D World
Medical Design Sourcing

DeviceTalks Webinars, Podcasts, & Discussions

Attend our Monthly Webinars
Listen to our Weekly Podcasts
Join our DeviceTalks Tuesdays Discussion

MASSDEVICE

Subscribe to MassDevice E-Newsletter
Advertise with us
About
Contact us

Copyright © 2025 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Privacy Policy