Statement from Bishop Fox on Muddy Waters and MedSec Response to St. Jude Medical Lawsuit
Posted on Oct 24, 2016 6:41:40 AM
Bishop Fox cannot comment on the pending litigation between Muddy Waters, MedSec and St. Jude Medical. We can confirm that Bishop Fox was engaged by legal counsel for the Defendants after St. Jude Medical filed their lawsuit on September 7, 2016, in order for counsel to provide an opinion on MedSec’s research into security vulnerabilities pertaining to St. Jude Medical devices.
Bishop Fox’s analysis was conducted at MedSec’s headquarters in Miami, Florida from September 26-29, 2016 by two Bishop Fox consultants, Carl Livitt and Baker Hamilton, and four independent third-party subject matter expert consultants: Drew Porter, founder of Red Mesa, specializing in radio frequency security; Joe Grand, founder of Grand Idea Studio, specializing in hardware security; Nick Selby, Director at Secure Ideas Response Team, specializing in cyber security incident response, legal compliance, and forensics; and Matthew D. Green, Assistant Professor at Johns Hopkins University, specializing in cryptography (collectively referred to as the “Bishop Fox Team”). Further analysis was performed by two Bishop Fox consultants, Carl Livitt and Rob Ragan, on October 17, 2016.
MedSec provided all of the St. Jude Medical devices and exploits used during the engagement. The Bishop Fox Team relied exclusively on information provided by MedSec researchers in order to reproduce their findings, as well as attacks based on the same research. At no point did the Bishop Fox Team engage in any form of research or development; our scope of work was limited to independent evaluation of MedSec’s research.
Following the conclusion of our efforts, Carl Livitt of Bishop Fox was retained to provide an opinion for the Defense in the ongoing lawsuit.
The Bishop Fox Team’s involvement in this matter is strictly limited to providing technical verification of security matters relating to the St. Jude Medical lawsuit, and no position is held in respect to St. Jude Medical, Muddy Waters, MedSec, the outcome of any litigation, or the effect on financial markets. Any statements made, or actions taken, by MedSec or Muddy Waters outside the matters on which the Bishop Fox Team opined or evaluated are wholly their own and do not necessarily represent the opinions of Bishop Fox or the independent verification team. The Bishop Fox Team stands by the results of the independent analysis we conducted, and will continue to remain impartially focused on technical security matters.
Please contact Amy Blumenthal at 617-879-1511 or firstname.lastname@example.org with any additional questions you may have.