The U.S. Food and Drug Administration (FDA) is informing laboratory personnel and healthcare providers about a cybersecurity vulnerability affecting software in the Illumina NextSeq 550Dx, the MiSeqDx, the NextSeq 500, NextSeq 550, MiSeq, iSeq, and MiniSeq, next generation sequencing instruments, according to a news release.
These instruments are medical devices that may be specified either for clinical diagnostic use in sequencing a person’s DNA or testing for various genetic conditions, or for research use only (RUO). Some of these instruments have a dual boot mode that allows a user to operate them in either clinical diagnostic mode or RUO mode. Devices intended for RUO are typically in a development stage and must be labeled “For Research Use Only. Not for use in diagnostic procedures.” – though many laboratories may be using them with tests for clinical diagnostic use.
The cybersecurity vulnerability affects the Local Run Manager (LRM) software. An unauthorized user could exploit the vulnerability by:
- taking control of the instrument remotely;
- operating the system to alter settings, configurations, software, or data on the instrument or a customer’s network; or
- impacting patient test results in the instruments intended for clinical diagnosis, including causing the instruments to provide no results or incorrect results, altered results, or a potential data breach.
Illumina has developed a software patch to protect against the exploitation of this vulnerability and is working to provide a permanent software fix for current and future instruments. The FDA wants laboratory personnel and healthcare providers to be aware of the required actions to mitigate these cybersecurity risks.
The FDA is working with Illumina and coordinating with the CISA to identify, communicate, and prevent adverse events related to this cybersecurity vulnerability. The FDA will continue to keep healthcare providers and laboratory personnel informed if new or additional information becomes available.
The FDA encourages users to report any adverse events or suspected adverse events experienced with Illumina’s next generation sequencing instruments.
