Sept 7 (Reuters) - St. Jude Medical will face an uphill battle in its corporate defamation lawsuit over a short-seller’s report that said the medical device company’s heart implants were vulnerable to cyber attacks, lawyers familiar with such cases said.
The Minnesota-based company on Wednesday sued short-selling firm Muddy Waters and cyber security company MedSec Holdings Ltd in Minneapolis federal court, saying they intentionally distributed false information in an Aug. 25 report to manipulate St Jude’s stock price. Muddy Waters placed a bet that the shares would fall.
In a statement, Muddy Waters and MedSec Holdings said they would “vigorously defend our right to criticize a company that puts its profits before its patients.”
The right to free speech will be hard for St Jude to overcome. The First Amendment of the U.S. Constitution is the “first line of defense” in defamation lawsuits brought against short-sellers, researchers, analysts, bloggers and anyone else whose opinion of a company may have influenced its stock price, said Michael Asaro of Akin Gump, who specializes in white-collar and regulatory investigations and litigation.
In defamation cases generally, the plaintiff must prove the defendant’s statements were false. For public figures, such as politicians or celebrities, there is an added burden of showing statements were not just false, but also published willfully and maliciously.
Under Minnesota law, St Jude, as a company whose products have health implications, will almost certainly be considered a public figure and have to meet that tougher standard, said Minneapolis media lawyer Mark Anfinson, who has his own practice.
But that does not necessarily mean Muddy Waters and MedSec are out of the woods, Anfinson said. The actual malice defense, more commonly wielded by the press, may not prove as powerful for a short-seller with a financial motive to cause a stock to fall.
“They may not get the benefit of the doubt” on malice, said Anfinson.
Muddy Waters said in its report that St. Jude’s pacemakers and defibrillators, which are used to regulate heart rhythm and treat cardiac arrest, had cyber security flaws that enabled them to be hacked and manipulated, with potentially fatal consequences.
St Jude was unsparing in its complaint.
“Only driving down the stock price by defaming [Cardiac Rhythm Management] Devices with market-bombshell scare tactics could make the short-positioned Defendants richer - with the very unfortunate (and despicable) concomitant result of fueling significant concern and fear in patients and their families,” the company said.
In a pair of high-profile cases in recent years, defamation claims against short-sellers failed on free speech grounds.
Last year, a San Francisco federal judge threw out a lawsuit brought by casino magnate Steve Wynn against short-seller James Chanos over comments Chanos made at a conference. The judge awarded Chanos more than $420,000 in attorneys’ fees.
A New York judge ruled in 2012 against a Canadian silver producer, finding negative reports circulated by hedge funds were constitutionally protected opinions.
Muddy Waters said its report was an expression of opinion. The report raised the possibility of product recalls and St. Jude’s revenue disappearing for two years while safety problems were fixed.
MedSec had a financial arrangement with Muddy Waters in which the firm agreed to hire MedSec as a consultant, pay it a licensing fee for research and a percentage of any profits from the investment.
Speaking generally, white-collar lawyer Asaro said the guiding principle was that even wrong opinions could be protected, so long as they were made in good faith and the underlying facts were presented fairly. “Where people get into trouble is where they misrepresent the facts,” Asaro said. “That’s why these cases are so fact-specific.”
Muddy Waters has courted controversy before with its criticism of companies whose stocks it bet against. Two targets of those comments, rice trader Olam International and bankrupt Chinese timber company Sino-Forest, sued Muddy Waters in Singapore and Canada, respectively. The cases were later dropped.
“St. Jude Medical now joins the ranks of Sino-Forest and Olam International as companies that have filed frivolous lawsuits against us for criticizing them,” said Muddy Waters founder Carson Block in an email.
St. Jude’s spokeswoman Candace Steele Flippin said the company is “confident in its legal position and took this action because of the irresponsible manner in which the defendants have acted.”
Aside from any question of legal wrongdoing, some industry experts are troubled by MedSec’s arrangement with Muddy Waters.
“I think it would be a dark day if we go down this path,” said Kevin Fu, a University of Michigan scientist who a decade ago pioneered research into heart-device vulnerabilities.
Fu said researchers should abide by voluntary industry guidelines for vulnerability disclosures in which researchers typically give companies time to fix flaws before going public.
IOActive, NCC Group and Optiv, three prominent firms that provide vulnerability consulting, said they would not enter into an arrangement with short-sellers.
Yet some argue that the public interest is served by such an alliance.
Andrea Matwyshyn, a Northeastern University computer scientist, said she supported using research to short a stock because the approach pressures companies to be more upfront about the risks associated with security bugs. (Reporting by Jessica Dye and Jim Finkle; Editing by Anthony Lin and Grant McCool)
Our Standards: The Thomson Reuters Trust Principles.