Saturday, December 13, 2025

Illumina Faces $9.8M Penalty Over Cybersecurity Vulnerabilities in Genomic Tech Sold to U.S. Agencies

Genomic sequencing giant Illumina Inc. has agreed to pay $9.8 million to settle federal allegations that it knowingly sold genetic testing systems with cybersecurity vulnerabilities to U.S. government agencies over a seven-year period.

The settlement, announced Thursday by the Department of Justice, represents a groundbreaking case that highlights growing federal scrutiny of cybersecurity practices in the biotechnology sector.

The Justice Department alleged that between February 2016 and September 2023, the Delaware-incorporated, California-headquartered company violated the False Claims Act by systematically failing to implement adequate cybersecurity measures in its genomic sequencing systems sold to federal agencies.

According to the settlement agreement, Illumina knowingly failed to incorporate proper cybersecurity protocols in its software design, development, installation, and ongoing monitoring processes.

The government’s investigation revealed that Illumina lacked sufficient quality systems to identify and address cybersecurity vulnerabilities affecting its genomic sequencing platforms.

The company allegedly failed to properly support personnel and systems responsible for product security while falsely representing that its software adhered to established cybersecurity standards from the International Organization for Standardization (ISO) and the National Institute of Standards and Technology (NIST).

Cybersecurity Vulnerabilities

The case came to light through a whistleblower lawsuit filed by Erica Lenore, Illumina’s former Director for Platform Management, On-Market Portfolio, who will receive $1.9 million as her share of the settlement under the False Claims Act’s qui tam provisions.

Lenore’s complaint, filed in September 2023, marked what legal experts describe as a first-of-its-kind case involving alleged cybersecurity violations of FDA-regulated medical devices used for both research and clinical purposes.

The lawsuit alleged that despite Illumina’s assurances, Lenore faced retaliation and was ultimately terminated for raising concerns about the company’s cybersecurity practices.

Her legal team at Tycko & Zavareei LLP emphasized that the settlement demonstrates the critical role whistleblowers play in exposing cybersecurity failures that could compromise sensitive government information and patient data.

Federal Enforcement Signals

The settlement underscores the Justice Department’s expanding focus on cybersecurity enforcement in the healthcare sector, which handles highly confidential patient genetic information.

“Companies that sell products to the federal government will be held accountable for failing to adhere to cybersecurity standards and protecting against cybersecurity risks,” said Assistant Attorney General Brett A. Shumate of the Justice Department’s Civil Division.

Multiple federal agencies participated in the investigation, including the Defense Criminal Investigative Service, Army Criminal Investigation Division, HHS Office of Inspector General, and Department of Commerce Office of Inspector General.

Acting Special Agent in Charge Christopher M. Silvestro of DCIS emphasized that “safeguarding the validity of Department of Defense research and data is vital to supporting the warfighter.”

Illumina denied the allegations but agreed to settle “to avoid the uncertainty, expense, and distraction of litigation,” according to a company spokesperson.

The company stated that the software issues at the center of the case were successfully remediated between 2022 and 2024, and emphasized its ongoing commitment to data security and cybersecurity best practices.

The settlement serves as a stark reminder that cybersecurity compliance failures can result in significant financial penalties, even without evidence of actual data breaches, as federal prosecutors increasingly prioritize protecting sensitive government systems and information.


Ethan Brooks
Ethan Brooks is a senior cybersecurity journalist passionate about threat intelligence and data privacy. His work highlights cyber attacks, hacking, security culture, and cybercrime with The Cyber News.
