St. Jude Medical rejected claims made by a famous short seller on Thursday that the company’s pacemakers and other lifesaving devices are vulnerable to cyber attacks.
The allegations, made in a detailed 34-page report by Muddy Waters founder Carson Block, were enough to spook investors on Wall Street. St. Jude’s stock plummeted as much as 8% on Thursday.
St. Jude’s chief technology officer Phil Ebeling called the claims “absolutely untrue.” He said the medical device maker has “several layers of security measures in place” and conducts regular security assessments.
Short seller Block revealed he is now betting against St. Jude stock. He pointed to evidence that St. Jude pacemakers and other implantable cardiac devices are vulnerable to cyber attacks, even from “low level hackers.”
The short seller, who is credited with discovering shady behavior by Sino-Forest and other Chinese companies, cited presentations by security experts that show St. Jude’s implantable cardiac devices can be crashed in way that causes them to malfunction by pacing at a dangerous rate. Block also said the devices’ batteries can be drained.
Hackers can penetrate the St. Jude ecosystem through the company’s “Merlin@home” home monitoring unit, Block said.
St. Jude responded by saying it works with external experts to safeguard Merlin@home as well as other devices.
Any security problem in its devices would be costly to St. Jude. The pacemakers and other implantable cardiac devices make up almost half of the company’s revenue. Block argues there is a “strong possibility” these devices will need to be recalled and fixed, a process that could take two years.
The fight with the short seller comes at an awkward time for St. Jude. The medical device maker is in the process of being purchased by Abbott Laboratories in a mega deal worth $25 billion.