NEW YORK – The US Food and Drug Administration said on Thursday afternoon that nearly the entire Illumina sequencer lineup carries a cybersecurity vulnerability that could impact genomic data results or even result in a data breach.
In a letter to healthcare providers and laboratory personnel, the FDA said that the Universal Copy Service software in the Illumina NovaSeq 6000, NextSeq 500, NextSeq 550, NextSeq 550Dx, NextSeq 1000/2000, iSeq 100, MiniSeq, MiSeq, and MiSeqDx sequencing instruments could be exploited to let an unauthorized user take remote control; alter settings, configurations, software, or data on the instrument or a customer's network; or impact data intended for use in clinical diagnosis, leading to no results, incorrect results, or altered results. Illumina iScan microarray scanners were also affected.
At the time of the letter, neither the FDA nor Illumina had received any reports indicating the vulnerability had been exploited. In a statement posted on LinkedIn, Illumina Chief Technology Officer Alex Aravanis said the issue was found during "ongoing efforts to assess potential vulnerabilities and exposures" and that the firm has developed a software patch to fix it.
According to the FDA letter, Illumina notified affected customers on April 5. How many customers were affected is not clear. Illumina declined to comment on the number of affected customers and how many of them have implemented the patch. In January, Illumina CEO Francis deSouza said the installed base of sequencers was more than 22,000.
Instruments running Windows 7 were not affected, an Illumina spokesperson said in an email.
The issue follows a separate cybersecurity vulnerability announced in June 2022, which affected software on Illumina's NextSeq 500/550/550Dx, MiSeq and MiSeqDx, iSeq, and MiniSeq instruments.