Medical device security
FDA Asks Users of Illumina’s DNA Sequencers to Patch Cybersecurity Exploit
The Food and Drug Administration has advised users of Illumina’s newer DNA sequencing devices to urgently patch their systems to address a cybersecurity vulnerability.
According to the FDA, the software flaw could allow unauthorized users to remotely control the device, alter its settings and that of the user’s network or manipulate patient test results.
The list of affected devices includes the Illumina NextSeq 550Dx, the MiSeqDx, the NextSeq 500, NextSeq 550, MiSeq, iSeq and MiniSeq the FDA said.
Affected users should review the urgent safety and product quality notifications that Illumina sent to users on May 3, the agency said.
Illumina advised users of its devices to check for signs of the vulnerability’s exploitation. The FDA said that neither Illumina nor the government has received reports of such a case.
The agency added that Illumina is actively working on a permanent cybersecurity fix for the affected equipment and for future ones.
Device owners may submit voluntary reports through the FDA’s MedWatch product monitoring program. The FDA said it will provide health care providers and laboratory staffers updates when new information becomes available.
The Cybersecurity and Infrastructure Security Agency released its own advisory on the exploit, noting that it impacts a critical infrastructure sector.
CISA advised affected users to ensure that control system devices are not connected to the internet, isolate control system networks from the business network and use virtual private networks when remote access is required.
Tags: critical infrastructure cybersecurity DNA sequencing exploit FDA Illumina medical device MedWatch