The U.S. Food and Drug Administration (FDA) last week warned healthcare providers and laboratory personnel about a cybersecurity vulnerability affecting software in Illumina instruments that may be specified either for clinical diagnostic use in sequencing a person’s DNA for various genetic conditions or for research use only (RUO).
The sequencing instruments are the MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, MiSeq, NextSeq 500, NextSeq 550, NextSeq 1000/2000, and NovaSeq 6000.
An unauthorized user could exploit a vulnerability in the instruments' Universal Copy Service (UCS) software by taking control remotely; altering settings, configurations, software, or data on the instrument or a customer’s network; or impacting genomic data results in the instruments intended for clinical diagnosis, the FDA said Thursday.
The potential impact on genomic data results includes causing the instruments to provide no results, incorrect results, or altered results, as well as enabling a possible data breach.
On April 5, Illumina sent notifications to affected customers instructing them to check their instruments and medical devices for signs that the software vulnerability had been exploited. The FDA and Illumina have so far not received any reports that the vulnerability has been exploited. Additionally, Illumina has developed a software patch to protect against the cybersecurity vulnerability being exploited.
The FDA said that it is working with Illumina to identify, communicate, and prevent adverse events related to the software vulnerability.