St. Jude Medical responded to recent claims about security flaws with its implantable cardiac devices by suing the short-selling firm and research team responsible for the accusations this week in federal court.
The St. Paul-based medical device manufacturer filed suit Wednesday in U.S. District Court for the District of Minnesota against Muddy Waters, MedSec Holdings and their respective executives two weeks after its stock dipped upon the release of a report in which the defendants raised security concerns about pacemakers, defibrillators and similar products sold internationally by St. Jude.
The 33-page lawsuit accuses Muddy Waters and MedSec of colluding on an “intentional, willful and malicious scheme to manipulate the securities markets for their own financial windfall through an unethical and unlawful scheme premised upon falsehoods and misleading statements.”
“We felt this lawsuit was the best course of action to make sure those looking to profit by trying to frighten patients and caregivers, and by circumventing appropriate and established channels for raising cybersecurity concerns, do not use this avenue to do so again,” St. Jude Medical’s president and CEO Michael T. Rousseau said in a statement.
“It is not unusual for a company like this to try to silence its critics, and we are always prepared to vigorously defend our right to criticize a company that puts its profits before its patients,” a Muddy Waters spokesperson responded Wednesday.
In its Aug. 25 report, Muddy Waters said MedSec’s researchers demonstrated how St. Jude’s home-monitored cardiac devices could be hacked with “potentially catastrophic attacks” by interfering with the radio-frequency technology used to send signals from a patient’s body to personal transmitters. Muddy Waters said it expected St. Jude would be forced to recall several products as a result and lose upwards of half its revenue in two years’ time.
St. Jude denounced the report upon its release, and an independent team of cybersecurity researchers at the University of Michigan said MedSec’s findings appeared to be inconclusive. Nonetheless, the report’s publication resulted in St. Jude’s stock suffering its biggest one-day loss in seven months as well as the filing of a class-action lawsuit on behalf of a heart patient who underwent surgery last November to be implanted with a St. Jude device.
“This insidious scheme to try to frighten and confuse patients and doctors by publicly disseminating false and unsubstantiated information in order to gain a financial windfall and thereby cause investors to panic and drive the St. Jude stock price down must by stopped and defendants must be held accountable so that such activity will not be incentivized and repeated in the future,” St. Jude’s attorneys wrote in Wednesday’s filing.
“Our top priority is to reassure patients, caregivers and physicians who use our life-saving devices that we are committed to the security of our products and to ensure patients and their doctors maintain ongoing access to the proven clinical benefits of remote monitoring,” said Mark Carlson, vice president and chief medical officer at St. Jude Medical. “We decided to take this action because of the irresponsible manner in which these groups have acted.”
The suit lists defendants as Muddy Waters and its founder, Carson Block, as well as MedSec and its chief executive, Justine Bone, and a director, Dr. Hemal Nayak. Together they’re accused of making false statements, false advertising, conspiracy and the related manipulation of public markets.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.