Cybersecurity concerns surrounding some of St. Jude Medical’s implantable cardiac devices have caught the attention of federal regulators. According to Reuters, the U.S. Food & Drug Administration (FDA) has promised to thoroughly investigate claims that many of the company’s remotely-monitored defibrillators are vulnerable to cyberattacks.
“Regardless of the way vulnerability comes to our attention, we take those allegations very, very seriously,” Suzanne Schwartz, official responsible for cyber security, told Reuters during a telephone interview last Thursday. “We are putting all of our focus on making sure that we have an understanding of what these allegations are and do a thorough investigation of the claims.”
Reuters revealed the FDA’s investigation just a week after an investment group called Muddy Waters published a report claiming that certain St. Jude pacemakers, defibrillators and cardiac resynchronization devices were easy targets for hackers, especially those bundled with the Merlin@home remote transmitter system.
At the time, Muddy Waters also announced that it had taken a short position in St. Jude stock, which would allow it to benefit financially should shares decline in value.
Since then, St. Jude has been named in at least one class action lawsuit filed by a defibrillator recipient. Muddy Waters had predicted that awards from any products liability litigation related to the controversy could ultimately cost St. Jude as much as $64 billion.
St. Jude has vehemently denied the claims included in the Muddy Waters report. It also filed suit against the investor group, as well as MedSec Holdings Inc., the cybersecurity firm that conducted the tests detailed by Muddy Waters. However, the short seller is standing firm
“It is not unusual for a company like this to try to silence its critics and we are always prepared to vigorously defend our right to criticize a company that puts its profits before its patients,” Muddy Waters stated in an email issued shortly after St. Jude announced its lawsuit.