St. Jude Medical, a global medical device company, has filed a lawsuit against Muddy Waters Consulting, Muddy Waters Capital, MedSec Holdings, MedSec and three individual defendants who are principals in these firms, for false statements, false advertising, conspiracy and the related manipulation of the public markets in connection with St. Jude Medical’s implantable cardiac management devices.
With this action, St. Jude Medical seeks to hold these firms and individuals accountable for their false and misleading tactics, to set the record straight about the security of its devices, and to help cardiac patients and their doctors make informed medical decisions about products that enhance and save lives every day.
"We felt this lawsuit was the best course of action to make sure those looking to profit by trying to frighten patients and caregivers, and by circumventing appropriate and established channels for raising cybersecurity concerns, do not use this avenue to do so again,” said Michael T. Rousseau, president and chief executive officer at St. Jude Medical. "We believe this lawsuit is critical to the entire medical device ecosystem—from our patients who have our life saving devices, to the physicians and caregivers who care for them, to the responsible security researchers who help improve security, to the long-term St. Jude Medical investors who incurred losses due to false accusations as part of a wrongful profit-making scheme."
The lawsuit filed alleges that Muddy Waters, MedSec and the other defendants intentionally disseminated false and misleading information in order to lower the value of St. Jude Medical’s stock and to wrongfully profit from a drop in share value through a short-selling scheme. The company’s complaint refers to the Muddy Waters and MedSec repeated false allegations that began on August 25, 2016 about St. Jude Medical’s implantable cardiac devices. As further explained in the company’s complaint, the defendants’ financially self-interested attempts to mislead doctors and patients demonstrate a total disregard for the patients whose lives depend on their cardiac management devices. The complaint also cites a third-party assessment of the Muddy Waters Report by University of Michigan researchers who found that “the evidence does not support their conclusions… [the University of Michigan researchers] were able to generate the reported conditions without there being a security issue.” In addition, an electrophysiologist and cardiologist from the University of Michigan also stated that “given the significant benefits from home monitoring, patients should continue to use their prescribed cardiac devices” at this time.
“We recognize that the cybersecurity landscape is dynamic, which is why we partner with researchers, agencies, consultants and others to continually strengthen our security measures currently in place,” said Phil Ebeling, vice president and chief technology officer at St. Jude Medical. “We also have processes in place to encourage anyone with information about the security of our technology to share it with us so that we can enhance our technology for the benefit of patients.”
St. Jude Medical devices save and improve lives every day, and our devices and systems have multiple features to reduce the risk of cyber security attacks.St. Jude Medical has worked, and will continue to work, with the FDA, the Department of Homeland Security and independent researchers to continually strengthen its security systems in the ever changing cybersecurity environment.
"Our top priority is to reassure patients, caregivers and physicians who use our life-saving devices that we are committed to the security of our products and to ensure patients and their doctors maintain ongoing access to the proven clinical benefits of remote monitoring," said Mark Carlson, vice president and chief medical officer at St. Jude Medical. "We decided to take this action because of the irresponsible manner in which these groups have acted."
The lawsuit was filed in the United States District Court for the District of Minnesota. This case follows St. Jude Medical's recent statements that refuted claims by Muddy Waters and MedSec regarding the safety and security of our pacemakers and defibrillators.