
Illumina, Feds Say Genetic Testing Gear at Risk of Hacking

Feds Warn of Vulnerabilities Affecting Illumina's Universal Copy Service Software
Flaws in Illumina's Universal Copy Service software could allow hackers to take over certain genetic testing gear, warn federal authorities. (Image: Illumina)

Federal authorities are warning that hackers could take over genetic testing devices manufactured by Illumina, although neither the manufacturer nor the Food and Drug Administration has received reports of attacks.


The FDA said the vulnerabilities affect Illumina's proprietary Universal Copy Service software. An Illumina spokesman explains that the UCS "enables data transfer from our instruments."*

Illumina posted a list of affected devices.

In a separate Thursday alert, the Cybersecurity and Infrastructure Security Agency warned that a remote code execution bug tracked as CVE-2023-1966 allows hackers to "change settings, configurations, software, or access sensitive data."

Another, CVE-2023-1968, allows attackers to use UCS to listen on all IP addresses in a network, including those capable of accepting remote communications.

Alex Aravanis, Illumina chief technology officer, in a post Thursday on LinkedIn said that upon identifying the vulnerabilities, "our team worked diligently to develop mitigations to protect our instruments and customers."

The company is providing customers with "a simple software update at no cost, requiring little to no downtime for most" to address the issues, he said.

Besides the software updates, CISA also recommended users take "defensive measures" to minimize the risk of exploitation of these vulnerabilities.

That includes minimizing network exposure for all control system devices and ensuring they are not accessible from the internet. Should a company decide it needs remote access, it should use a virtual private network to access the devices, CISA said.
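As an added illustration of the exposure described for CVE-2023-1968 and of CISA's advice to minimize network exposure (this is not code from Illumina, CISA or the article), the following Python sketch audits a host's listening sockets and flags any bound to all interfaces. The `netstat -ano`-style sample, its addresses, ports and PIDs, and the function names are constructed for the example.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -ano` output.
# Addresses, ports and PIDs are made up for illustration only.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       4321
  TCP    127.0.0.1:5000         0.0.0.0:0              LISTENING       1200
  TCP    10.20.30.40:445        0.0.0.0:0              LISTENING       4
  TCP    10.20.30.40:49712      10.20.30.9:443         ESTABLISHED     2210
  TCP    [::]:8080              [::]:0                 LISTENING       4321
  TCP    [::1]:5000             [::]:0                 LISTENING       1200
"""

def split_endpoint(endpoint):
    """Split '0.0.0.0:80' or '[::]:80' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    # Drop IPv6 brackets and any zone id such as '%12' before parsing.
    return ipaddress.ip_address(host.strip("[]").split("%")[0]), int(port)

def classify(ip):
    """Describe how widely a listener bound to this address is reachable."""
    if ip.is_unspecified:
        return "wildcard"   # 0.0.0.0 or :: means every interface on the host
    if ip.is_loopback:
        return "loopback"   # reachable only from the host itself
    return "specific"       # bound to one named interface

def audit_listeners(netstat_text):
    """Return one record per TCP socket in the LISTENING state."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # skips the header row and non-listening connections
        ip, port = split_endpoint(fields[1])
        findings.append({"bind": str(ip), "port": port,
                         "pid": int(fields[4]), "exposure": classify(ip)})
    return findings

def wildcard_listeners(netstat_text):
    """Listeners reachable on all interfaces; review these first."""
    return [f for f in audit_listeners(netstat_text) if f["exposure"] == "wildcard"]

if __name__ == "__main__":
    for f in wildcard_listeners(SAMPLE_NETSTAT):
        print(f"PID {f['pid']} listens on {f['bind']}:{f['port']} (all interfaces)")
```

A listener flagged as `wildcard` is not itself proof of a vulnerability, but it identifies services that depend entirely on network segmentation and firewall rules to stay unreachable from outside.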

Update April 28, 2023 UTC 17:54: Adds Illumina's description of what the UCS does in the company's instruments.


About the Author

Marianne Kolbasuk McGee


Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



