>> A startling allegation of life and death proportions made against St. Jude Thursday. Reuters cybersecurity correspondent, Jim Finkle.>> Allegations are that there are security vulnerabilities in products from St. Jude that connect to pacemakers and defibrillators that are implanted inside of patients. And what these people are saying is that it would be possible for an attacker to communicate with those devices.
And do things to make them malfunction, potentially causing patient harm.>> The damaging claim that St. Jude's cardiac devices can be hacked coming from Muddy Waters, a Wall Street investment firm that is betting the stock will fall. And there's more to the warning. Carson Block, who heads up the firm, tweeting half of St. Jude's revenues could disappear in about two years because he thinks the safety risk will force a product recall.
The assertion serious enough to spook investors who quickly cut the stock down by as much as 8% in heavy volume. The perceived threat is all based on research done by MedSec. A less than two year old cybersecurity firm that is coming under scrutiny for taking the unprecedented move of ignoring a cybersecurity industry practice.
>> They decided to, rather than approach the company directly and try to get them fixed, to go to a short seller and engage in this new business model. Which is to have the research licensed by Muddy Waters, to get a consulting fee, and then a percentage of any profits they make from their short on St. Jude.
>> Reuters was unable to confirm the report's findings. But St. Jude, which is in the process of being bought by Abbott Laboratories, said the conclusions are, quote, absolutely untrue. Adding, there are several layers of security measures in place which are under constant review.