A cybersecurity vulnerability in Illumina DNA sequencing instruments could allow an unauthorized user to take control of the devices remotely or alter genomic data results, the U.S. Food and Drug Administration said Thursday in a warning to healthcare providers and laboratory personnel.
The DNA-sequencing company first notified customers on April 5, issuing an Urgent Medical Device Recall, the FDA said. Customers using the machines only for research purposes received a less severe warning, called a product quality notification.
The vulnerability could allow intruders to access or alter genomic information intended for clinical diagnosis, and could cause the instruments to provide incorrect results or no results at all, the agency warned in the letter posted on its website.
Risks of an unauthorized user exploiting the vulnerability include altering settings, configurations, software or data on the instrument or on a customer’s network, the FDA said.
The agency urged affected Illumina customers to immediately download and install a software patch developed by Illumina.
Illumina said in a separate statement that it identified the vulnerability internally, as part of routine work, in its proprietary software for certain instruments. It then developed mitigations to protect the devices and customers.
“We then contacted and worked in close partnership with regulators and customers to address the issue with a simple software update at no cost, requiring little to no downtime for most,” Illumina Chief Technology Officer Alex Aravanis said in a statement posted to his LinkedIn account.
The problem affects the Universal Copy Service software in the Illumina MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, MiSeq, NextSeq 500, NextSeq 550, NextSeq 1000/2000, and NovaSeq 6000 sequencing instruments.
Neither the FDA nor the company has received any reports of the vulnerability being exploited at this time, the agency said. The FDA is working with Illumina and the Cybersecurity and Infrastructure Security Agency to identify and prevent adverse events related to the vulnerability.
The warning comes about a year after the agencies issued an alert about similar cybersecurity vulnerabilities affecting the Local Run Manager software on several Illumina devices.
Updates with comment from Illumina.