The FDA is warning healthcare providers of a cybersecurity vulnerability affecting software used in multiple Illumina DNA sequencing instruments either for clinical diagnostic use in sequencing a person’s DNA for various genetic conditions or for research use only (RUO). 

An unauthorized user could exploit the vulnerability by taking control remotely; altering settings, configurations, software, or data on the instrument or a customer’s network; or impacting genomic data results in the instruments intended for clinical diagnosis. This could include causing the instruments to provide no results, incorrect results, altered results, or a potential data breach. 

Neither the FDA nor Illumina have received any reports of this vulnerability being exploited. But to prevent any potential issues, llumina has developed a software patch to protect against the exploitation of this vulnerability.

To mitigate cybersecurity risk, It is recommended that everyone immediately download and install the software patch for all affected instruments.

If needed, customers can contact [email protected] for instructions about other ways to install the software patch if not connected to the internet. 

The company recommends immediately contacting [email protected] if you suspect your instrument may have been compromised by an unauthorized user.

Medical device models affected by this Illumina software cybersecurity vulnerability include the Illumina MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, MiSeq, NextSeq 500, NextSeq 550, NextSeq 1000/2000, and NovaSeq 6000. 

For more information about Illumina’s cybersecurity vulnerability, see the Cybersecurity and Infrastructure Security Agency (CISA) published advisory, ICSMA-23-117-01 Illumina Universal Copy Service.