Illumina Hit with $9.8 Million Fine Over Cybersecurity Flaws in Genomic Tech Supplied to U.S. Agencies

Genomic sequencing company Illumina Inc. has agreed to pay $9.8 million to resolve federal allegations that it sold cybersecurity-compromised equipment to government agencies, marking a significant enforcement action in the intersection of biotechnology and national security.

Major Settlement Addresses Seven-Year Period

The Delaware-based corporation, headquartered in California, reached a settlement to resolve False Claims Act allegations spanning from February 2016 to September 2023.

During this period, federal prosecutors alleged that Illumina knowingly sold genomic sequencing systems to government agencies despite being aware of significant cybersecurity vulnerabilities in the software.

The Justice Department’s investigation revealed that Illumina allegedly failed to maintain adequate security programs and quality systems necessary to identify and address cybersecurity risks.

Specifically, the government contended that the company failed to incorporate proper cybersecurity measures in software design, development, installation, and ongoing market monitoring processes.

Cybersecurity Standards at Center of Allegations

Federal prosecutors alleged that Illumina made false representations about its software’s adherence to established cybersecurity standards, including those set by the International Organization for Standardization and the National Institute of Standards and Technology.

The company also allegedly failed to adequately support personnel, systems, and processes responsible for product security, and did not properly correct design features that created cybersecurity vulnerabilities.

“Companies that sell products to the federal government will be held accountable for failing to adhere to cybersecurity standards and protecting against cybersecurity risks,” said Assistant Attorney General Brett A. Shumate of the Justice Department’s Civil Division.

The settlement underscores growing federal emphasis on cybersecurity compliance, particularly involving sensitive genetic information.

Whistleblower Receives Substantial Reward

The case originated through a whistleblower lawsuit filed under the False Claims Act’s qui tam provisions.

Erica Lenore, a former Director for Platform Management at Illumina, will receive $1,900,000 as her share of the settlement.

Lenore’s case, filed in the U.S. District Court for Rhode Island, exemplifies the federal government’s reliance on insider knowledge to identify contractor violations.

Acting U.S. Attorney Sara Bloom for the District of Rhode Island emphasized the settlement’s broader implications: “This settlement demonstrates our continuing commitment to combat cybersecurity risks by ensuring that federal contractors protect private and sensitive government information”.

Multi-Agency Investigation Yields Results

The investigation involved coordination between multiple federal agencies, including the Defense Criminal Investigative Service, HHS Office of Inspector General, Army Criminal Investigation Division, and Department of Commerce Office of Inspector General.

This multi-agency approach reflects the cross-departmental implications of cybersecurity failures in genomic sequencing technology.

The settlement resolves only allegations, with no determination of liability established.

However, the case signals intensified federal scrutiny of cybersecurity practices among government contractors handling sensitive biological and genetic data.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates

The post Illumina Hit with $9.8 Million Fine Over Cybersecurity Flaws in Genomic Tech Supplied to U.S. Agencies appeared first on Cyber Security News.