Contrarian Corpus
short seller research note follow up
2016-08-29 · 6 pages

St. Jude Medical STJ

STJ's rebuttal to Muddy Waters' cybersecurity short report is 80% fluff and 20% substance, with admissions and deception cues that confirm its cardiac devices remain unsafe and need recall.

N 4 Narrative
V 1 Visual
C 1 Craft
Source URL unavailable

Thesis

On August 29, 2016, Muddy Waters Capital published a follow-up rebutting St. Jude Medical's response to its August 25 short report alleging severe cybersecurity vulnerabilities in STJ's Merlin@home transmitters, pacemakers, and ICDs. Carson Block argues STJ's reply was roughly 80% fluff and 20% substance, and even the substance contained admissions: STJ conceded the 'majority' of findings apply to older devices, implicitly confirming issues remain. MWC counters STJ's seven-foot proximity defense by citing software-defined radio attacks, open UART/JTAG/SPI interfaces, removable NAND, and unencrypted programmer hard drives — hardware flaws software patches cannot fix. A former CIA behavioral analyst's credibility assessment identifies clustered deception indicators (Convincing Statements, Exclusionary Qualifiers, Perception Qualifiers, Borrowed Credibility, Diversion Narrative) throughout STJ's rebuttal, concluding STJ's agenda is to reassure the market rather than fix the devices.

SCQA

Situation

St. Jude Medical sells implantable cardiac devices and Merlin@home home-monitoring transmitters to hundreds of thousands of patients, relying on wireless communication protocols to transmit sensitive medical data.

Complication

STJ's August 26 response to MWC's short thesis was rushed, thin on substance, and contained tacit admissions that vulnerabilities persist; hardware-level flaws (UART/JTAG/SPI, removable NAND, unencrypted programmers) cannot be patched by software.

Resolution

STJ should recall and remediate affected devices rather than manage market perception; investors should read the rebuttal's deception indicators and price in continued regulatory and product-liability risk.

Reward

No explicit price target in this follow-up; the implied reward is sustained downside on STJ equity as recall/remediation costs and reputational harm materialize, reinforcing MWC's original short thesis.

The three reasons

  1. STJ's rebuttal admitted vulnerabilities still exist on current devices
  2. Hardware flaws (open UART/JTAG, removable NAND) cannot be patched by software updates
  3. Former CIA behavioral analyst flags deception indicators throughout STJ's response

Primary demands

  • Recall and remediate vulnerable STJ cardiac devices (Merlin@home, ICDs, pacemakers)
  • Acknowledge that software updates alone cannot fix hardware-level security flaws (open UART/JTAG/SPI, removable NAND, unencrypted programmers)
  • Explain the crashed-pacemaker attack video posted by MedSec/MWC

KPIs cited

  • Substance vs. fluff ratio of STJ response: ~20% substance / ~80% fluff per MWC assessment
  • Proximity required for attack per STJ: seven feet from a Merlin@home — dismissed by MWC given sleeping patients and SDR amplification
  • Scope of vulnerabilities acknowledged by STJ: STJ concedes the 'majority' of MWC findings apply to older, non-updated Merlin@home devices

Notes

Short-seller follow-up memo (6 pages, Word/letter format with Muddy Waters header and lengthy Terms of Service on page 1). Notable for embedding a third-party 'Credibility Assessment' by a former CIA behavioral analyst/polygrapher that catalogs rhetorical deception patterns (Convincing Statements, Exclusionary Qualifiers, Perception Qualifiers, Borrowed Credibility, Diversion Narrative) in STJ's rebuttal — a distinctive rhetorical move worth studying. No charts, no valuation work; purely textual rebuttal. Part of the landmark 2016 MWC/MedSec short campaign against STJ around implantable-device cybersecurity.