|
 Muddy Waters, run by Carson Block, said in late August that St.
Jude's pacemakers and defibrillators, which are used to regulate
heart rhythm and treat cardiac arrest, had cybersecurity flaws that
enabled them to be hacked and manipulated, with potentially fatal
consequences.
The accusations that the devices are seriously flawed, based on
research from start-up cybersecurity company MedSec, knocked St.
Jude's shares back 10 percent on Aug. 25. Shares recovered to end
that day down 5 percent and remain off by 3 percent.
St. Jude earlier this year agreed to be purchased by Abbott Inc for
about $85 per share in cash and stock.
In the lawsuit, St. Jude said Block's statements were defamatory and
false, and described the defendants as perpetrating a "willful and
malicious scheme to manipulate the securities markets for their own
financial windfall."
A spokesman for Muddy Waters and MedSec said in an emailed
statement, "It is not unusual for a company like this (St. Jude's)
to try to silence its critics and we are always prepared to
vigorously defend our right to criticize a company that puts its
profits before its patients."
St Jude faces strong free-speech defenses to its defamation claim.
Under Minnesota law, the company will most likely have to show not
just that the defendants put out wrong information, but did so
knowingly and maliciously, lawyers with expertise in such cases
said.
Muddy Waters, which became known in 2012 for shorting Chinese
companies that trade in North America, declined to comment on the
size of its St. Jude short bet. MedSec has acknowledged that it will
reap financial gains related to Muddy Waters' short investment.
MedSec Chief Executive Justine Bone told Reuters recently that her
firm approached Muddy Waters with a proposal to short St. Jude about
three months ago, after spending 18 months in "research mode" and
not generating any revenue.
The St. Jude short will help MedSec finance development of
technology it is building to secure medical devices, and will also
enable the firm to educate the public about security flaws that put
patients at risk, she said.
"We have expenses we incur. This is a business relationship," Bone
said of the partnership with Muddy Waters. "But our goal here is to
bring this to the attention of the public."
She did not respond to a request for comment on Wednesday.
Short-sellers borrow shares and sell them in expectation the price
will fall. When it does, the short-sellers buy back the shares,
return them to the lender, pay borrowing fees and pocket the
difference.
[to top of second column] |
St. Jude said it had filed the lawsuit to protect the reputation of
its implantable devices, which it said have numerous features that
protect against cyberattacks. It is seeking unspecified financial
damages and for the defendants to give up any profits from their
investment.
Wedbush Securities analyst Tao Levy said the business relationship
between Muddy Waters and MedSec raises questions about the
credibility of the allegations. Based on interviews with many
doctors, he said it appears that medical professionals remain
comfortable with using the devices.
The ethics debate notwithstanding, more such alliances could emerge
if the MedSec-Muddy Waters arrangement proves to be lucrative,
Robert Graham, chief executive of security firm Errata Security,
said in a recent interview.
Another key factor could be the results of an investigation into the
St. Jude's devices by the U.S. Food and Drug Administration, which
oversees medical devices. The agency, which disclosed its
investigation after Muddy Waters went public with the claims, said
St. Jude patients for now should continue to use the devices as
instructed by physicians.
Chris Wysopal, chief technology officer with security software maker
Veracode Inc, said cyber-security researchers are always looking for
ways to monetize their work, and teaming up with short sellers
offers some advantages.
"If you just give it to the company for free, they fix it and people
are happy. But you don’t get any money for your work,” Wysopal said.
The case is St. Jude Medical vs. Muddy Waters, MedSec Holdings et
al, in the United States District Court for the District of
Minnesota, No. 16-cv-03002.
(Reporting by Ransdell Pierson, Jennifer Ablan, Jessica Dye and
Caroline Humer in New York, Jim Finkle in Boston and Ankur Banerjee
in Bengaluru; Editing by Nick Zieminski and Eric Effron)
[© 2016 Thomson Reuters. All rights
reserved.] Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
