The US Food and Drug Administration (FDA) has released a statement urging healthcare providers and laboratory personnel to take necessary actions to mitigate cybersecurity risks in Illumina’s sequencing instruments. The FDA’s alert comes after a cybersecurity vulnerability was discovered that could allow bad actors to take control of the devices and compromise patient test results or exfiltrate protected data. The FDA has urged genomic device owners to review the urgent medical device recall notice, install the patch, and also contact Illumina for support or to report suspicion of device compromise. The agency notes that some laboratories may be using Illumina genomic sequencing devices for clinical diagnostic use.
Illumina, a 25-year-old genomics company that supports researchers and providers of genetics programs, is fresh from ringing the bell at the Nasdaq MarketSite in Times Square on March 30. The company has more than 9,500 researchers and clinicians who are using advances in science to transform human health. Illumina is known for supporting programs such as Genomic Answers for Kids (GA4K), which aims to sequence 30,000 children and their parents, and recently announced a milestone of providing more than 1,000 rare disease diagnoses to families.
The FDA’s alert comes at a time when the Federal Bureau of Investigation (FBI) is also urging healthcare organizations to stay on top of medical device cybersecurity. The FBI says weaknesses stemming from outdated software and a lack of security features in older hardware on unpatched, active medical devices are increasingly being targeted. These vulnerabilities can affect patient safety and data confidentiality and integrity, and can interrupt care delivery.
Genomic data is of particular concern in a data breach. A notable cyber breach of Massachusetts General Hospital’s neurology department exposed the protected health information, including genetic information, of approximately 10,000 people. According to a Washington Post report on genetic data risks, the stakes may be highest at a geopolitical level. The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology recently published a draft internal report on genomic data cybersecurity describing how the data can be used for population surveillance, oppression, and extortion. The NCCoE says current policies, guidance, and technical controls inadequately address these risks, and it is accepting public comments on the report through April 3.