If you think there are a few missing elements from the header of the St. Jude Medical Inc. report, it’s for good reason. In late April, it was announced that the OEM was a part of the industry’s next mega merger. St. Jude Medical was being acquired by Abbott Laboratories for an estimated price of $25 billion. While the transaction didn’t formally close until after fiscal 2016 (just a few days into January 2017, actually), there is much more about the deal in the Abbott Laboratories report.
One result of the acquisition that did have a more direct impact on St. Jude Medical was the fact that employees would be saying goodbye to certain members of their device family upon the close of the Abbott transaction. Specifically, the companies had agreed to sell portions of their Vascular Closure and Electrophysiology businesses to Terumo Corporation for a price of $1.12 billion. Included in the deal were St. Jude’s Angio-Seal and Femoseal vascular closure products, as well as Abbott’s Vado Steerable Sheath.
Gaining even more headlines for St. Jude in 2016, however, was a very public dispute with short-selling firm Muddy Waters and cyber security company MedSec. MedSec issued a report that warned of cybersecurity concerns with St. Jude’s pacemakers and defribillators. The company claimed that hacks to these devices had two significant consequences, one resulting in the implanted device to pace at a potentially dangerous rate and another that would result in a drain of the batteries.
But the ethics behind the report were called into question due to the circumstances surrounding its release. According to a Reuters article on the matter, MedSec had approached Muddy Waters and a deal was completed between the two in which Carson Block, Muddy Waters’ head, would hire MedSec as a consultant, pay the company a licensing fee for research, and provide a percentage of any profits from the investment. At the time of the article, MedSec had been founded only 18 months earlier and the business model it was using was not necessarily seen by everyone as reputable. As a result, when Muddy Waters announced it was shorting St. Jude due to the findings of the report, it certainly raised a few eyebrows.
About a day after Muddy Waters’ announcement, St. Jude issued a statement refuting the report’s findings. “We have examined the allegations made by Muddy Waters Capital and MedSec on August 25, 2016 regarding the safety and security of our pacemakers and defibrillators, and while we would have preferred the opportunity to review a detailed account of the information, based on available information, we conclude that the report is false and misleading. Our top priority is to reassure our patients, caregivers, and physicians that our devices are secure and to ensure ongoing access to the proven clinical benefits of remote monitoring. St. Jude Medical stands behind the security and safety of our devices as confirmed by independent third parties and supported through our regulatory submissions.”
In its statement, St. Jude also addressed findings the report made, citing questionable testing methodology given the fact that the pacemaker would be implanted inside a patient, yet the report findings seemed to be provided for a device that was outside of the human body. Further, the OEM claimed that the report’s lack of details on the simulations that were run brings its findings into question.
Days later, St. Jude issued another statement, further refuting the allegations made by MedSec and Muddy Waters and those made in a video released by the firms. “Further demonstrating their fundamental lack of understanding of St. Jude Medical’s medical device technology, Muddy Waters Capital and MedSec presented a video yesterday that actually demonstrated the Radio Frequency Telemetry Lockout security feature of our pacemakers—not a ‘crash’ as they claimed. The video also confirms that the device’s clinical functions are operating as expected under these conditions.”
The following month, St. Jude Medical filed a lawsuit against Muddy Waters and MedSec, explaining that it was doing so to dissuade others from using a similar strategy as an attempt at financial gain. Muddy Waters followed up by hiring an additional security expert that supported the original MedSec findings.
Post fiscal 2016, a U.S. Food and Drug Administration (FDA) investigation called into question St. Jude’s statements as the government agency issued a warning letter to Abbott regarding the alleged cybersecurity concerns. The matter doesn’t seem to be resolved, but now Abbott Laboratories is on the hook for the issue as the new owner of St. Jude Medical. What the ultimate outcome is with regard to the cybersecurity issues and the devices will not likely be realized anytime soon. Hopefully, by the time it is, it’s a positive outcome where they have been resolved and not at the expense of a patient’s health or safety.
In the midst of all of this controversy between itself and Muddy Waters/MedSec, St. Jude announced that it was forming a Cyber Security Medical Advisory Board. Perhaps a reaction to the bad press regarding the concerns with its products or perhaps an honest attempt by a medical device firm to tackle this growing issue for the industry, the OEM stated that it recognized the need to address cybersecurity while balancing the care it provides to patients through its medical devices.
“Our mission is to deliver innovative technologies that save and improve lives,” Dr. Mark Carlson, then chief medical officer at St. Jude Medical, said in a press release that announced the formation of the board. “We take the cyber security of our devices very seriously and creating the Cyber Security Medical Advisory Board is one more demonstration of our ongoing commitment to advancing standards of patient care around the world without comprising safety and security.”
How the board will influence the cybersecurity of products under the leadership of Abbott will remain to be seen.
Given the number of releases the firm saw in 2016, an advisory board would be quite busy addressing all the potential cybersecurity issues. Not all of St. Jude’s new products were connected technologies, but a good number of them were. The notable product news in 2016 included:
- The FDA approval and U.S. launch of MultiPoint Pacing Technology, featured in the Quadra Assura MP cardiac resynchronization therapy (CRT) defibrillator, Quadra Allure MP CRT-pacemaker, and two quadripolar Quartet LV leads
- CE mark for the MRI compatibility of the Nanostim Leadless Pacemaker
- CE mark and launch of an expanded selection of Quadripolar Pacing Leads
- U.S. and European launch of the Trifecta Surgical Valve with Glide Technology for patients in need of aortic valve replacement
- U.S. launch and first commercial implants of dorsal root ganglion stimulation therapy
- EnSite Precision Cardiac Mapping System gets a limited market release in nine countries across Europe, followed later in the year by a full-market release; received FDA approval later in the year
- European launch of the PressureWire Guidewire Technology to measure pressure differences across narrowed coronary arteries
- CE mark approval and launch of SyncAV CRT software
- FDA approval of BurstDR Stimulation, a spinal cord stimulation option for patients suffering from chronic pain
- U.S. launch and first implant of Deep Brain Stimulation System and directional lead for patients suffering from movement disorders
- FDA clearance and launch of the PressureWire X Guidewire designed to optimize PCI procedures in patients with complex anatomies
- FDA approval and U.S. launch of the Amplatzer PFO Occluder, indicated to reduce the risk of recurrent ischemic stroke in patients with a PFO
- CE mark approval for MRI labeling of the Quadra Allure MP Cardiac Resynchronization Therapy Pacemaker
- CE mark approval for full body MR conditional labeling for the Proclaim Elite Spinal Cord Stimulation System