Illumina Fined $9.8M for Cybersecurity Flaws in Genomic Tools Sold to U.S. Agencies

Illumina Inc., a leading genomic sequencing company, has agreed to pay $9.8 million to settle federal allegations that it knowingly sold cybersecurity-vulnerable genomic sequencing systems to government agencies while misrepresenting their security standards.

The settlement resolves claims spanning over seven years of alleged violations that put sensitive genetic information at risk across multiple federal departments.

Settlement Details and Timeline

The Delaware-based corporation, headquartered in California, faced allegations under the False Claims Act for conduct occurring between February 2016 and September 2023.

During this period, federal prosecutors contended that Illumina sold genomic sequencing systems containing software with significant cybersecurity vulnerabilities to government agencies without maintaining adequate security programs to identify and address these flaws.

The Department of Justice alleged that Illumina systematically failed to incorporate proper cybersecurity measures into its software design, development, installation, and ongoing market monitoring processes.

Additionally, the company allegedly failed to adequately support personnel and systems responsible for product security while neglecting to correct design features that introduced cybersecurity vulnerabilities.

Central to the government’s case were allegations that Illumina falsely represented its software as adhering to established cybersecurity standards, including those set by the International Organization for Standardization and the National Institute of Standards and Technology.

These misrepresentations allegedly allowed the company to secure federal contracts while delivering products that failed to meet promised security specifications.

“Companies that sell products to the federal government will be held accountable for failing to adhere to cybersecurity standards and protecting against cybersecurity risks,” stated Assistant Attorney General Brett A. Shumate of the Justice Department’s Civil Division.

The settlement emphasizes the critical importance of cybersecurity when handling genetic information and demonstrates federal commitment to ensuring contractor compliance with security requirements.

Acting U.S. Attorney Sara Bloom for the District of Rhode Island reinforced this message, highlighting the government’s dedication to combating cybersecurity risks by ensuring federal contractors protect sensitive government information.

Defense Criminal Investigative Service Acting Special Agent in Charge Christopher M. Silvestro emphasized the vital importance of safeguarding Department of Defense research and data integrity.

The resolution originated from a lawsuit filed under the False Claims Act’s whistleblower provisions by Erica Lenore, a former Director for Platform Management at Illumina.

Under the settlement terms, Lenore will receive $1.9 million as her share of the recovery, reflecting the significant role whistleblowers play in exposing government contractor misconduct.

The settlement resulted from coordinated efforts between the Justice Department’s Civil Division, the U.S. Attorney’s Office for the District of Rhode Island, and multiple investigative agencies including the Defense Criminal Investigative Service, Army Criminal Investigation Division, and inspector general offices from Health and Human Services and Commerce departments.

The comprehensive investigation underscores the serious nature of cybersecurity violations involving sensitive genomic data and federal security standards.

Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!