U.S. health regulator
plans 'thorough' probe of St. Jude case
Send a link to a friend
[September 09, 2016]
By Jim Finkle
(Reuters) - The U.S. Food and Drug
Administration plans a "thorough investigation" of allegations about
vulnerabilities in cardiac devices made by St. Jude Medical Inc, the
agency's official responsible for cyber security said on Thursday.
The FDA began its investigation in late August after short-selling
firm Muddy Waters and cyber security firm MedSec Holdings Inc said
they were betting St. Jude shares would fall, making allegations
that its pacemakers and defibrillators have cyber security flaws
that hackers could exploit to harm patients.
St. Jude responded by suing the companies, saying the allegations
are defamatory and false.
"Regardless of the way a vulnerability comes to our attention, we
take those allegations very, very seriously," the FDA official,
Suzanne Schwartz, said in a telephone interview. "We are putting all
of our focus on making sure that we have an understanding of what
these allegations are and do a thorough investigation of the
It was unprecedented for a cyber security researcher to publicize
claims about cyber bugs as part of a short-selling strategy.
The approach also violated advice that the FDA issued in January in
draft guidelines for dealing with cyber security vulnerabilities in
medical devices. They urge researchers to work directly with
manufacturers when they uncover suspected security bugs.
[to top of second column]
Schwartz said that vulnerabilities can typically be dealt with most
efficiently when researchers work directly with manufacturers to
address suspected problems. She said she hoped others would not
follow the approach taken by Muddy Waters and MedSec.
(Reporting by Jim Finkle in Miami; editing by Grant McCool)
[© 2016 Thomson Reuters. All rights
Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.