Genomic sequencing systems manufacturer Illumina Inc. agreed to pay $9.8 million to resolve allegations that it sold systems with cybersecurity vulnerabilities to federal agencies.
The settlement resolves allegations that, between February 2016 and September 2023, Illumina violated the False Claims Act when it sold government agencies genomic sequencing systems with software that had cybersecurity vulnerabilities, without having an adequate security program and sufficient quality systems to identify and address those vulnerabilities.
The U.S. contended that Illumina:
- Failed to incorporate product cybersecurity in its software design, development, installation and on-market monitoring
- Failed to properly support and resource personnel, systems and processes tasked with product security
- Failed to adequately correct design features that introduced cybersecurity vulnerabilities in the genomic sequencing systems
- Falsely represented that the software on the genomic sequencing systems adhered to cybersecurity standards, including standards of the International Organization for Standardization and National Institute of Standards and Technology
The settlement resolves a lawsuit filed under the whistleblower provisions of the False Claims Act. The settlement in this case provides for the whistleblower, Erica Lenore, the former platform management director at Illumina, to receive $1.9 million as her share of the settlement.
