A research organization is alleging cardiac devices developed by St. Jude Medical are highly vulnerable to cybersecurity threats that could be harmful to people who use the devices, reports The Star Tribune.
Muddy Waters Research released a report saying it saw demonstrations of two types of cyberattacks against St. Jude's implantable cardiac devices. One of the purported witnessed attacks caused the device to malfunction by pacing at a potentially dangerous rate, and the other attack drained the device battery.
"We find STJ cardiac devices' vulnerabilities orders of magnitude more worrying than the medical device hacks that have been publicly discussed in the past," Muddy Waters said in a statement.
St. Jude Medical, based in St. Paul, Minn., denies the allegations. "The allegations are absolutely untrue," Phil Ebeling, St. Jude Medical CTO, told The Star Tribune. "There are several layers of security measures in place. We conduct security assessments on an ongoing basis and work with external experts on…all our devices."
Muddy Waters said in its report it expects remedying the security vulnerabilities should take at least two years.
St. Jude stocks fell 8 percent within 90 minutes of Muddy Waters' allegations. After regaining some of its value, it ended Thursday down 5 percent, according to The Star Tribune.
More articles on cybersecurity:
HIMSS: Nearly a third of hospitals transmit patient data unencrypted
80% of providers reported security incidences in 2016: 7 findings from HIMSS' cybersecurity update
Lack of cybersecurity talent leaves companies worldwide in a bind