Skip to Content

St. Jude Calls Report of Cyber Flaw in Heart Monitors “False and Misleading”

A St. Jude Medical Promote RF cardiac resynchronization therA St. Jude Medical Promote RF cardiac resynchronization ther
A St. Jude Medical Promote RF cardiac resynchronization therapy devicePhotograph by Bloomberg — Getty Images

Medical device manufacturer St. Jude Medical (STJ) said on Friday that a report by short-selling firm Muddy Waters and a cyber-security researcher alleging its heart devices were riddled with bugs was “false and misleading.”

The report, which caused St Jude shares to decline after its release on Thursday, alleged there were significant security bugs in the company’s Merlin@home device for monitoring implanted heart devices.

St. Jude initially responded on Thursday with a terse statement from its chief technology officer, Phil Ebeling, who said “the allegations are absolutely untrue.” But he did not provide specific examples of errors.

St. Jude on Friday issued a longer analysis, saying the majority of the observations in the report applied to older versions of its Merlin@home devices, which had not been patched with security upgrades that the company automatically pushes out to customers.

“We want to reassure our patients that our systems meet the highest international security requirements, as required by regulatory authorities and international standards organizations,” St Jude said.

Shares slid 2.6% to $75.81 in afternoon trading on more than twice the daily average volume after St. Jude’s comment on Friday.