St. Jude Medical: Alleged Merlin@home ‘crash’ is actually a security feature

St. Jude Medical (NYSE:STJ) today issued another strongly worded refutal of accusations made by a short-seller aiming to drive its share price down, denying the allegations and calling out Muddy Waters, the firm founded by well-known short-seller Carson Block, “irresponsible, misleading and unnecessarily frightening” to patients.

The short-seller is aiming to disrupt the pending, $25 billion acquisition of St. Jude by Abbott (NYSE:ABT); in addition to his bet that STJ share prices will fall, Block is long on ABT shares. His shop and a startup cybersecurity business called MedSec alleged last week that St. Jude’s implanted cardiac rhythm management devices pose a cybersecurity risk due to vulnerabilities in the Merlin@home monitor. The Little Canada, Minn.-based company immediately denied the charges and fired off a detailed rebuttal the next day; in response, Muddy Waters yesterday claimed that St. Jude instead proved the short-seller’s assertions.

Today St. Jude said that the latest salvo from Muddy Waters, a video purporting to show a Merlin@home device succumbing to a hack, actually shows that the device functioned just as designed.

“Further demonstrating their fundamental lack of understanding of St. Jude Medical’s medical device technology, Muddy Waters Capital and MedSec presented a video yesterday that actually demonstrated the Radio Frequency (RF) Telemetry Lockout security feature of our pacemakers – not a ‘crash’ as they claimed. The video also confirms that the device’s clinical functions are operating as expected under these conditions,” the company said.

“The video clearly shows a security feature, not a flaw. The pacemaker is actually functioning as designed. If attacked, our pacemakers place themselves into a ‘safe’ mode to ensure the device continues to work, which further proves our commitment to safety and security,” explained chief technology officer Phil Ebeling.

The devices are also designed to disable further RF communication for a spell, the company said, “which may appear to the untrained eye as having rendered the device disabled, although it continues to function.” All of its devices have built-in security features to prevent unauthorized users from hijacking them, St. Jude said.

“Patient safety is and has always been our top priority,” chief medical officer Dr. Mark Carlson said in prepared remarks. “Our devices are safe and we have taken and continue to take appropriate steps to address the dynamic challenges of cyber security. We do this because it is the responsible thing to do for the patients and physicians who rely on our devices.”

“The allegations made by Muddy Waters and MedSec are irresponsible, misleading and unnecessarily frightening patients,” added president & CEO Michael Rousseau. “We want our patients to know that they can feel secure about the cybersecurity protections in place on our devices. This behavior speaks volumes about the profit-seeking motives and integrity of these organizations.”

STJ shares are off -3.7% since Muddy Waters launched its assault August 25, rising 0.8% to $78.88 apiece this morning in pre-market trading. Abbott’s offer works out to about $85 per share.

The post St. Jude Medical: Alleged Merlin@home ‘crash’ is actually a security feature appeared first on MassDevice.

from MassDevice http://ift.tt/2c7VwTR