Illumina fined $9.8M for selling DNA sequencers with cybersecurity flaws to U.S. agencies

Tejaswini Deshmukh
Tejaswini Deshmukh is the contributing editor of RegTech Times, specializing in defense, regulations and technologies. She analyzes military innovations, cybersecurity threats, and geopolitical risks shaping national security. With a Master’s from Pune University, she closely tracks defense policies, sanctions, and enforcement actions. She is also a Certified Sanctions Screening Expert. Her work highlights regulatory challenges in defense technology and global security frameworks. Tejaswini provides sharp insights into emerging threats and compliance in the defense sector.

Illumina Inc., a leading biotechnology company, has agreed to pay $9.8 million to settle allegations that it sold genomic sequencing systems with serious cybersecurity flaws to U.S. federal agencies. These products, used between 2016 and 2023, were reportedly not secure enough to protect sensitive data, including genetic information. The government claims that Illumina failed to meet key cybersecurity standards and misled federal agencies about the safety of its systems.

DNA Systems at Risk: What Went Wrong

The U.S. government alleged that Illumina sold DNA sequencing equipment with software vulnerabilities that could expose confidential data to cyber threats. These systems were used in critical departments, including defense and health agencies. The technology processes genomic data, which is extremely private and valuable.

According to officials, Illumina:

  • Did not build cybersecurity into the system’s design and development
  • Failed to monitor products after they were sold
  • Lacked proper teams and tools to find and fix software weaknesses
  • Misrepresented that its products met key cybersecurity standards

Government investigators said these gaps in security could have put sensitive information at risk, including personal and research data. The sequencing systems allegedly did not meet requirements set by organizations like the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO).

These standards are in place to help protect federal systems and the public’s private data. When companies don’t meet them, the risk of cyberattacks or data breaches increases, which is especially dangerous when the information includes genetic codes.

Whistleblower Speaks Up and Sparks Investigation

The case came to light through a whistleblower report filed under the False Claims Act, a law that allows individuals to report fraud involving government funds. The whistleblower, Erica Lenore, previously worked as a senior manager at Illumina and claimed that the company knowingly failed to fix or report the cybersecurity problems in its systems.

Thanks to her information, the government launched a full investigation. As a result of her role in uncovering the issues, Lenore will receive $1.9 million from the settlement — a reward built into the law for helping recover government funds.

The lawsuit was officially filed as United States ex rel. Lenore v. Illumina Inc., No. 1:23-cv-00372 (D.R.I.), in the federal court system. This legal action is part of ongoing efforts to ensure government contractors follow rules that protect sensitive and classified data.

The case was handled by the Justice Department’s Civil Division and the U.S. Attorney’s Office for the District of Rhode Island, with support from several federal investigative agencies.

Why Cybersecurity Matters for Government Contractors

Government officials emphasized that this case is a strong reminder: any company selling products or services to the federal government must follow strict cybersecurity rules. This is especially true when handling sensitive health or defense data.

Agencies involved in the investigation, including the Department of Defense and Department of Health and Human Services, said companies must be held responsible when they do not meet legal requirements. Equipment with flaws that could lead to data leaks or hacking creates risks not just for agencies, but for national security and public trust.

Even though Illumina agreed to pay the $9.8 million to resolve the matter, the company did not admit any wrongdoing. The claims remain allegations, and no court has made a formal ruling on liability.

The government says it will continue to use the False Claims Act to ensure that contractors who cut corners or mislead agencies are held accountable. Cybersecurity is not just a technical detail — it’s a legal responsibility when working with federal systems.

To read the original order, please visit the DOJ website.
