August 29 Video Shows a St. Jude Medical Device Security Feature, Not a
ST. PAUL, Minn.--(BUSINESS WIRE)--
St. Jude Medical, Inc. (NYSE:STJ), a global medical device company,
today issued the following statement:
Patients are our highest priority. St. Jude Medical takes our commitment
to patients very seriously because we understand that the 20,000
patients around the world who receive our lifesaving and life improving
therapies –– every business day –– count on us to always put them first.
And we do.
“The allegations made by Muddy Waters and MedSec are irresponsible,
misleading and unnecessarily frightening patients,” said Michael T.
Rousseau President and chief executive officer at St. Jude Medical. “We
want our patients to know that they can feel secure about the
cybersecurity protections in place on our devices. This behavior speaks
volumes about the profit-seeking motives and integrity of these
Further demonstrating their fundamental lack of understanding of St.
Jude Medical’s medical device technology, Muddy Waters Capital and
MedSec presented a video yesterday that actually demonstrated the Radio
Frequency (RF) Telemetry Lockout security feature of our pacemakers –
not a “crash” as they claimed. The video also confirms that the device’s
clinical functions are operating as expected under these conditions.
“The video clearly shows a security feature, not a flaw. The pacemaker
is actually functioning as designed. If attacked, our pacemakers place
themselves into a “safe” mode to ensure the device continues to work,
which further proves our commitment to safety and security,” said Phil
Ebeling, vice president and chief technology officer at St. Jude Medical.
We have safeguards in place to mitigate so-called “crash attacks”
St. Jude Medical devices are designed to go into a life-sustaining
“safe” mode, as a safeguard, if unexpected conditions are detected.
These safeguards will put the device into safe mode where the
preprogrammed pacing and defibrillation functions of the implantable
medical devices revert to safe settings. In addition, some of our
devices, by design, disable further RF communications for a period of
time, which may appear to the untrained eye as having rendered the
device disabled, although it continues to function.
As part of our commitment to continuous investment in our technology,
St. Jude Medical devices have built-in measures to reduce the risk of
unauthorized commands being issued to our implantable devices. In
addition we have an ongoing focus to continually strengthen our security
systems in the ever changing cybersecurity environment. For example:
Access controls help protect the Merlin@home™ operating
system from unauthorized access
The lack of built-in programming commands in Merlin@home help ensure
that therapy is provided through the implanted device only at the
direction of the physician
Proprietary implantable medical device protocols protect
communications with the implantable device
Encryption of session authentication between the implantable medical
device and Merlin@home further enhances device security
The limited Medical Implant Communication Services (MICS) wireless
range restricts accessibility of communications with the implantable
“Patient safety is and has always been our top priority,” said Mark
Carlson, M.D., vice president and chief medical officer at St. Jude
Medical. “Our devices are safe and we have taken and continue to take
appropriate steps to address the dynamic challenges of cyber security.
We do this because it is the responsible thing to do for the patients
and physicians who rely on our devices.”
About St. Jude Medical
St. Jude Medical is a leading global medical device manufacturer and is
dedicated to transforming the treatment of some of the world's most
expensive epidemic diseases. The company does this by developing
cost-effective medical technologies that save and improve lives of
patients around the world.
Headquartered in St. Paul, Minn., St. Jude Medical employs approximately
18,000 people worldwide and has five major areas of focus that include
heart failure, atrial fibrillation, neuromodulation, traditional cardiac
rhythm management and cardiovascular. For more information, please visit sjm.com
or follow us on Twitter @SJM_Media.
This news release contains forward-looking statements within the meaning
of the Private Securities Litigation Reform Act of 1995 that involve
risks and uncertainties. Such forward-looking statements include the
expectations, plans and prospects for the company, including potential
clinical successes, reimbursement strategies, anticipated regulatory
approvals and future product launches, and projected revenues, margins,
earnings and market shares. The statements made by the company are based
upon management’s current expectations and are subject to certain risks
and uncertainties that could cause actual results to differ materially
from those described in the forward-looking statements. These risks and
uncertainties include market conditions and other factors beyond the
company’s control and the risk factors and other cautionary statements
described in the company’s filings with the SEC, including those
described in the Risk Factors and Cautionary Statements sections of the
company’s Annual Report on Form 10-K for the fiscal year ended January
2, 2016 and Quarterly Report on Form 10-Q for the fiscal quarter ended
July 2, 2016. The company does not intend to update these statements and
undertakes no duty to any person to provide any such update under any
View source version on businesswire.com: http://www.businesswire.com/news/home/20160830005740/en/
Source: St. Jude Medical, Inc.