2016-08-25 14:13:12 | St. Jude plunges after short-seller alleges security flaws in devicesShares of St. Jude Medical (STJ) have slipped after Muddy Waters Research disclosed that it is shorting the stock of the medical device maker on possible hacking vulnerabilities, as it believes the company's defibrillators and pacemakers can be easily compromised, causing possible fatal disruptions. DEVICE SAFETY AT ISSUE: In a report to investors issued this morning, the firm founded by Carson Block said it is shorting St. Jude Medical, or betting that the stock price will decline. The firm claims that St. Jude's pacemakers and defibrillators should be recalled and remediated, which would take at least two years. Muddy Waters said it has seen demonstrations of two types of cyber-attacks against St. Jude's implantable cardiac devices, namely a "crash" attack that causes them to malfunction and a battery drain attack that could be particularly harmful to device dependent users. According to Block's firm, the home monitoring units called "Merlin@home" are particularly susceptible to attacks as they "lack even the most basic forms of security and [...] can be exploited to cause implanted devices to malfunction and harm users." Based on these issues with the devices, Muddy sees "a strong possibility that close to half" of the company's revenue is "about to disappear for approximately two years." Even without a recall, the product safety issues "offer unnecessary health risks and should receive serious notice," the firm contended. The short-selling firm became aware of the alleged flaws after being contacted by cyber security firm MedSec, which had been testing medical devices made by four leading companies. ST. JUDE'S RESPONSE: Contacted by The Fly following the short call recommendation, St. Jude Medical's Chief Technology Officer Phil Ebeling said that "the allegations are absolutely untrue." "There are several layers of security measures in place. We conduct security assessments on an ongoing basis and work with external experts specifically on Merlin@ home and on all our devices," he said. CYBERSECURITY GUIDELINES: The Federal Drug Administration recommends manufacturers and health care facilities take steps to ensure appropriate safeguards, with the former responsible for remaining vigilant about identifying risks and hazards associated with their medical devices, including risks related to cybersecurity. Furthermore, the FDA sees manufacturers as the ones responsible for putting appropriate mitigations in place to address patient safety risks and ensure proper device performance, according to draft guidelines available on the regulator's website. WHAT'S NOTABLE: On April 28, Abbott (ABT) announced that it had agreed to acquire St. Jude Medical for $46.75 in cash and 0.8708 shares of Abbott common stock, representing total consideration of approximately $85 per share. PRICE ACTION: In afternoon trading, shares of St. Jude Medical have dropped 5% to $77.78, while Abbott shares are down about 0.6% at $42.90. | |
---|