St. Jude Medical Refutes Muddy Waters Device Security Allegations and Reinforces Security of Devices and Commitment to Patient Safety
St. Jude Medical, Inc. (NYSE:STJ), a global medical device company, today issued the following statement: We have examined the allegations made by Muddy Waters Capital and MedSec on August 25, 2016 regarding the safety and security of our pacemakers and defibrillators, and while we would have preferred the opportunity to review a detailed account of the information, based on available information, we conclude that the report is false and misleading. Our top priority is to reassure our patients, caregivers and physicians that our devices are secure and to ensure ongoing access to the proven clinical benefits of remote monitoring. St. Jude Medical stands behind the security and safety of our devices as confirmed by independent third parties and supported through our regulatory submissions.
Remote monitoring is a safe and effective means for patients to communicate with their physician. It has been well documented in leading publications that remote monitoring saves lives. At St. Jude Medical, we work with third-party experts, researchers, government agencies and regulators in cybersecurity to develop appropriate safeguards for our data and devices as part of our product development process and life cycle. These experts assist in designing security controls from the early stages of product design through final release and ongoing product enhancements, including software updates and security patches for our products. We also conduct regular risk assessments based on FDA guidance and perform penetration tests using internal and external experts. In addition, we collaborate with industry and governmental organizations to gain insight on recent trends and take appropriate action.
Our system provides an automated remote upgrade process for all Merlin@home units that are in active use so that security enhancements are automatically deployed when they become available. Merlin@home units that are not in active use and connected to the internet will also be upgraded when they return to use if a new update is available. Our analysis concluded that the majority of the observations in the report apply to older versions of the Merlin@home™ devices (i.e., those that have not been updated through the automated remote upgrade process). We are confident in the technology that we provide and in our process for continuously building upon our security protocols and processes. We want to reassure our patients that our systems meet the highest international security requirements, as required by regulatory authorities and international standards organizations.
Claims of remote battery depletion are misleading
The report claimed that the battery could be depleted at a 50-foot range. This is not possible since once the device is implanted into a patient, wireless communication has an approximate 7-foot range. This brings into question the entire testing methodology that has been used as the basis for the Muddy Waters Capital and MedSec report. In addition, in the described scenario it would require hundreds of hours of continuous and sustained “pings” within this distance. To put it plainly, a patient would need to remain immobile for days on end and the hacker would need to be within seven feet of the patient. In the unlikely instance that was to occur, the implanted devices are designed to provide a vibratory patient alert if the battery dips below a certain threshold to protect and notify patients.
The flawed test methodology on outdated software demonstrates fundamental lack of understanding of medical device technology
The report claimed that the system could be impaired, similar to when a computer system “crashes.” The report has little detail on this simulation and includes many inconsistencies. In fact, the screenshot of the Merlin programmer in the Muddy Waters report shows a device that is functioning normally. The red items on the screen are highlighting the fact that there are no leads connected to the device. The device is pacing properly, at the programmed 40 bpm. The screenshot shows expected behavior from the SecureSense algorithm when the device is pacing without any connected leads.
St. Jude Medical will remain ever vigilant and dedicated to patient safety
Our software has been evaluated and assessed by several independent organizations and researchers including Deloitte and Optiv. In addition, Merlin.net was Safe Harbor certified by St. Jude Internal Audit in 2013 and annually since then. This includes an annual audit of key security controls within the Merlin.net environment and Merlin.net has received ISO 27001 certification since 2009. This includes an internal audit of security controls and an independent certification by a third party, BSI. In 2015, we successfully completed an upgrade to the ISO 27001:2013 certification.
Muddy Waters also makes numerous unsubstantiated statements that are speculative with no evidence shown to prove the claims such as an ability to impersonate any SJM device, reverse engineering to create a pocket-size programmer, and a large-scale attack through the Merlin network. However, we are not aware of such threats and will remain vigilant to the ever-increasing sophistication of those seeking access to devices/data and address any issues based on additional detail provided.
We recognize the importance of providing physicians with up-to-date and accurate information in a timely and responsible manner so that they can make informed patient care decisions. Our analysis reinforces the need for researchers and manufacturers to work together to discuss and resolve potential issues together to avoid unnecessarily alarming patients.
St. Jude Medical is a strong supporter of responsible disclosure and proactively works with industry groups like NH-ISAC and ICS-CERT
We encourage anyone with product security questions to contact us at firstname.lastname@example.org. We ask anyone with a potential cybersecurity vulnerability in a St. Jude Medical product to contact us at email@example.com for further inspection and analysis to best ensure we are able to validate and communicate information in the interest of patient safety.
Patient safety has always been our top priority and we have every reason to believe our devices are safe. Because we recognize cybersecurity is a concern for patients, it is also a priority for St. Jude Medical. We have a dedicated resource on sjm.com reinforcing our commitment to product and information security on our website.
About the Impact of the St. Jude Medical Remote Monitoring Portfolio
The St. Jude Medical Merlin.net Patient Care Network (PCN) is an award-winning radio frequency (RF) remote monitoring system designed to improve outcomes for patients with pacemakers, implantable cardioverter defibrillators (ICDs) and cardiac resynchronization defibrillators (CRT-Ds). With rapid access to their patient’s information through the secure Merlin.net PCN website, physicians can remotely monitor and assess patient device data and determine interventions needed. Recent research has shown that remote monitoring can improve patient survival while reducing hospitalizations and health care utilization.
In 2008, St. Jude Medical improved upon the exceptional security of the Merlin.net PCN by introducing the Merlin@home™ transmitter, which allows efficient remote care management and additional options for physicians to provide early intervention and improve health care efficiency. The data transferred by Merlin@home are fully encrypted and meet or exceed all applicable national data privacy and security requirements in all countries where the Merlin.net PCN is used. In addition, the Merlin.net PCN was the first cardiac device monitoring system to be awarded ISO/IEC 27001:2005 certification, a stringent worldwide information security standard, and our certification is audited, updated and current.
Remote monitoring of cardiac patients has become a best practice over the past decade. In 2016, the Heart Rhythm Society made remote monitoring the standard of care in its recent guidelines. St. Jude Medical has pioneered this life-saving capability with our RF Merlin.net Patient Care Network (PCN) and the Merlin@home patient system. Dozens of studies continue to prove the positive impact on patient outcomes, and the reduction of healthcare costs.
Patients with questions about remote care from St. Jude Medical can call Remote Care Services at 1-877-MY MERLIN (1-877-696-3754).
About St. Jude Medical
St. Jude Medical is a leading global medical device manufacturer and is dedicated to transforming the treatment of some of the world's most expensive epidemic diseases. The company does this by developing cost-effective medical technologies that save and improve lives of patients around the world. Headquartered in St. Paul, Minn., St. Jude Medical employs approximately 18,000 people worldwide and has five major areas of focus that include heart failure, atrial fibrillation, neuromodulation, traditional cardiac rhythm management and cardiovascular. For more information, please visit sjm.com or follow us on Twitter @SJM_Media.
This news release contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995 that involve risks and uncertainties. Such forward-looking statements include the expectations, plans and prospects for the company, including potential clinical successes, reimbursement strategies, anticipated regulatory approvals and future product launches, and projected revenues, margins, earnings and market shares. The statements made by the company are based upon management’s current expectations and are subject to certain risks and uncertainties that could cause actual results to differ materially from those described in the forward-looking statements. These risks and uncertainties include market conditions and other factors beyond the company’s control and the risk factors and other cautionary statements described in the company’s filings with the SEC, including those described in the Risk Factors and Cautionary Statements sections of the company’s Annual Report on Form 10-K for the fiscal year ended January 2, 2016 and Quarterly Report on Form 10-Q for the fiscal quarter ended July 2, 2016. The company does not intend to update these statements and undertakes no duty to any person to provide any such update under any circumstance.