St. Jude Medical (NYSE:STJ) said today that it’s forming a Cybersecurity Medical Advisory Board as it looks to “advance cybersecurity standards in the medical device industry by working with experts and government agencies” after allegations about the security of its own devices was questioned by a short-selling firm.
Little Canada, Minn.-based St. Jude said the panel will help guide its technology development with an eye toward patient management considerations.
“Our mission is to deliver innovative technologies that save and improve lives,” chief medical officer Dr. Mark Carlson said in prepared remarks. “We take the cybersecurity of our devices very seriously and creating the Cybersecurity Medical Advisory Board is 1 more demonstration of our ongoing commitment to advancing standards of patient care around the world without comprising safety and security.
“We are in the process of finalizing membership for the Cybersecurity Medical Advisory Board, and we will announce its members once finalized,” Carlson said. “We anticipate this board will work with technology experts at St. Jude Medical as well as external researchers to help us maintain and enhance cyber security and patient safety.”
“We recognize that cybersecurity is an ongoing challenge for many industries and it’s essential that medical device companies have a clinical perspective when assessing the security of their products,” added Dr. Leslie Saxon of the Keck School of Medicine at the University of Southern California. “I look forward to working closely with the medical experts on the board to assess cybersecurity risks and how they may affect patient care and safety.”
Back in August, notorious short seller Muddy Waters and a hacking shop issued a report claiming that St. Jude’s cardiac rhythm management devices are a cybersecurity risk due to vulnerabilities in the Merlin@home monitor. St. Jude immediately denied the charges and fired off a detailed rebuttal; in response, Muddy Waters claimed that St. Jude instead proved the short-seller’s assertions.
St. Jude retorted that a Muddy Waters video purporting to show a Merlin@home device succumbing to a hack actually showed that the device functioned just as designed. Researchers at the University of Michigan, seeking to reproduce the faults alleged in the Muddy Waters report, concluded that the report has “major flaws” and that the so-called Merlin@home system crash “are the same set of errors that display if the device isn’t properly plugged in.”
Little Canada, Minn.-based St. Jude later sued Muddy Waters Consulting and the hacking shop behind the report.