St. Jude Medical’s stock falls following short seller’s report on potential hacking issues

St. Jude Medical’s common stock price fell by more 5 percent on Aug. 25 after a research firm announced it had shorted the company’s stock.

Carson Block, founder of Muddy Waters LLC, wrote a 33-page report to investors warning that St. Jude’s pacemakers and defibrillators could be susceptible to hacking, according to a Bloomberg article.

“We think there’s a very good chance that it’s about to lose close to half of its revenue for a period that could be two years or longer,” Block said during an interview with Bloomberg Television. “This would be due to device recalls.”

St. Jude Medical dismissed the concerns that Block had raised.

“We take the security of our devices and their data very seriously,” St. Jude Medical spokeswoman Candace Steele Flippin said in a statement to Bloomberg. “St. Jude Medical has an ongoing program to perform security testing on our medical devices and networked equipment.”

Block said that he wanted to break up Abbott Laboratories’ proposed acquisition of St. Jude Medical. In April, the companies announced they had agreed to terms on the deal in which Abbott would pay approximately $25 billion in cash for St. Jude Medical. The companies expect the deal to close during the fourth quarter of 2016.

On the afternoon of Aug. 25, a few hours after the report, St. Jude Medical’s shares were down 5.47 percent to $77.39 per share, while Abbott’s shares were down 0.56 percent to $42.93 per share.

According to Bloomberg, MedSec Holdings, Inc. told Muddy Waters three months ago that St. Jude Medical’s devices had a lack of encryption and authentication between devices, which could allow hackers to compromise the implanted devices. MedSec also has a short position in St. Jude Medical.

Muddy Waters and MedSec raised concerns about St. Jude Medical’s remote home monitoring equipment, which is used in pacemakers, defibrillators and cardiac resynchronization devices.

The Bloomberg article mentioned that there have been no publicly documented cases of hackers getting into medical devices to cause patient harm. Meanwhile, other cyber security experts downplayed the risk of hacking.

“The lack of a clear business model for making money from hacking medical devices suggests that it’s unlikely we will see the types of mass attacks,” Billy Rios, a top medical device hacker, told Bloomberg.