Illumina Settles Allegations of Cyber Vulnerabilities in Genomic Sequencing for $9.8M

Illumina Inc. has agreed to pay $9.8 million to resolve allegations that it violated the False Claims Act after the company sold genomic sequencing systems with cybersecurity vulnerabilities to federal agencies, according to the U.S. Department of Justice.

Illumina, headquartered in California, manufactured and sold genomic sequencing systems throughout the U.S. The settlement resolves allegations that between 2016 and 2023, Illumina sold government agencies genomic sequencing systems with software that had cybersecurity vulnerabilities, without having an adequate security program and systems to identify and address those vulnerabilities, according to the DOJ.

The government contended that Illumina knowingly failed to: incorporate product cybersecurity in its software design, development, installation, and on-market monitoring; failed to properly support and resource personnel, systems, and processes tasked with product security; failed to correct design features that introduced cybersecurity vulnerabilities in the genomic sequencing systems; and falsely represented that the software on the genomic sequencing systems adhered to cybersecurity standards.

The settlement resolves a lawsuit filed under the whistleblower provisions of the False Claims Act, in which private parties can sue on behalf of the government when a defendant has submitted false claims for government funds and receive a share of any recovery. The settlement in this case provides for the whistleblower, Erica Lenore, a former director for platform management, on-market portfolio at Illumina, to receive $1.9 million as her share of the settlement. The qui tam case is United States ex. rel. Lenore v. Illumina Inc.

The claims resolved by the settlement are allegations; there has been no determination of liability.