But let’s see where it comes from.
While Illumina has yet to receive any reports that this vulnerability has been exploited, according to a letter to healthcare providers from the US Food and Drug Administration, bad actors could take control of the devices, alter software and patient test results or compromise a provider’s results. network and exfiltrate protected data.
WHY IT MATTERS
The FDA on Thursday issued a statement for healthcare providers and laboratory personnel regarding the necessary actions to be taken to mitigate cybersecurity risks in Illumina’s sequencing instruments: MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, MiSeq, NextSeq 500, NextSeq 505, Next NextSeq 1000/2000 and NovaSeq 6000.
The cybersecurity vulnerability affects the universal copy service in various versions of operating and device control software, according to the Cybersecurity and Infrastructure Agency’s medical advice.
The FDA urges owners of genomic devices to review the Medical Device Urgent Recall Notice or Product Quality Notice for Investigators sent on April 5, install the patch, and contact Illumina for assistance or to report suspected device compromise.
The agency notes that some laboratories may be using Illumina genomic sequencing devices for clinical diagnostic use.
Illumina just rang the bell at the Nasdaq MarketSite in Times Square on March 30, according to its website.
The 25-year-old genomics company supports genetics program researchers and providers, such as those at Children’s Mercy Research Institute working on Genomic Answers for Children.
“The more than 9,500 researchers and clinicians we serve are using these incredible advances in science to transform human health in ways unimaginable 25 years ago,” said Susan Tousi, Chief Commercial Officer, Illumina.
“How to diagnose rare diseases in a matter of days. Or, catch the deadliest cancers at stage 1 or stage 0… or use genetics to fight climate change.”
The GA4K program in Kansas City, Mo., aims to sequence 30,000 children and their parents and announced a recent milestone of providing more than 1,000 rare disease diagnoses to families, Illumina says.
THE BIGGEST TREND
In addition to the FDA and CISA, the Federal Bureau of Investigation is also urging healthcare organizations to stay on top of medical device cybersecurity.
The agency says the risks from outdated software and the lack of security features in older hardware in unpatched active medical devices are becoming increasingly concentrated. Vulnerabilities can affect patient safety, data confidentiality and integrity, and disrupt the delivery of care.
Genomic data is of particular concern in a data breach.
A notable cyber breach of Massachusetts General Hospital’s neurology department exposed the protected health information, including genetic information, of approximately 10,000 people.
According to Washington Post on the risks of genetic data, the stakes may be higher at the geopolitical level. Last year, when French President Emmanuel Macron met with Russian President Vladimir Putin, Macron refused a Russian coronavirus test and they sat at opposite ends of a dining room table that could comfortably seat 18 to 20 people, WaPo noted.
The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence recently published a draft internal report on the cybersecurity of genomic data that describes how the data can be used for population surveillance , oppression and extortion.
NCCoE says current policies, guidelines and technical controls inadequately address these risks and accepted public comments on the report until April 3.
“The characteristics of genomic data compared to other high-value data sets pose some unique cybersecurity and privacy challenges that are inadequately addressed by current policies, guidance and technical controls,” NCCoE said in a statement .
IN THE REGISTRY
“FDA is working with Illumina and coordinating with CISA to identify, communicate, and prevent adverse events related to this cybersecurity vulnerability,” the agency said in its letter to healthcare providers.
“FDA will continue to keep healthcare providers and laboratory personnel informed if new or additional information becomes available.”
Andrea Fox is a senior editor at Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.
Tech company Ikaroa has been observing the recent advice the U.S. Food and Drug Administration (FDA) and Cybersecurity and Infrastructure Security Agency (CISA) have provided on guarding against cybersecurity threats related to genomic device software.
The organizations have commented on the potential risks related to such technology and how they can be addressed. Specifically, they have advised entities to take steps to address known vulnerabilities in the software associated with genomic devices, specifically software used in sequencing and analyzing genomic data.
The FDA and CISA have recommended that entities patch their genomic device software with approved security updates. This is a critical step in addressing software vulnerabilities which can lead to exploitation of the genomic device software, leading to the potential for manipulation of data or disruption of system functionality. Additionally the organizations have encouraged further protective measures such as limiting user access to genomic device hardware or software, as well as implementing encryption or other available security services.
At Ikaroa, we are actively working on addressing software vulnerabilities by providing comprehensive technical consultations, helping organizations identify existing vulnerabilities in their existing software and guiding them in the direction of taking proactive measures. We understand how imperative it is that organizations’ software is protected and secure, and the importance of applying security updates in order to mitigate risks in their genomic device applications.
As genomic device software continues to become more important to the ways in which organizations operate, understanding and addressing cybersecurity threats associated with the technology is becoming increasingly necessary. With Ikaroa’s services, we are helping to ensure genomic device software is adequately protected and safeguarded against any potential cyber threats.