Source: United States Attorneys General
Illumina Inc. has agreed to pay $9.8 million to resolve allegations that it violated the False Claims Act when it sold to federal agencies certain genomic sequencing systems with cybersecurity vulnerabilities. Illumina is a Delaware corporation, headquartered in California, that manufactured and sold genomic sequencing systems throughout the United States.
The settlement resolves allegations that, between February 2016 and September 2023, Illumina sold government agencies genomic sequencing systems with software that had cybersecurity vulnerabilities, without having an adequate security program and sufficient quality systems to identify and address those vulnerabilities. Specifically, the United States contended that Illumina knowingly failed to incorporate product cybersecurity in its software design, development, installation, and on-market monitoring; failed to properly support and resource personnel, systems, and processes tasked with product security; failed to adequately correct design features that introduced cybersecurity vulnerabilities in the genomic sequencing systems; and falsely represented that the software on the genomic sequencing systems adhered to cybersecurity standards, including standards of the International Organization for Standardization and National Institute of Standards and Technology.
“Companies that sell products to the federal government will be held accountable for failing to adhere to cybersecurity standards and protecting against cybersecurity risks,” said Assistant Attorney General Brett A. Shumate of the Justice Department’s Civil Division. “This settlement underscores the importance of cybersecurity in handling genetic information and the Department’s commitment to ensuring that federal contractors adhere to requirements to protect sensitive information from cyber threats.”
“This settlement demonstrates our continuing commitment to combat cybersecurity risks by ensuring that federal contractors protect private and sensitive government information.” said Acting U.S. Attorney Sara Bloom for the District of Rhode Island.
“This settlement demonstrates our continued commitment to work with our law enforcement partners and the Department of Justice to ensure companies fulfill their contractual obligations,” said Acting Special Agent in Charge Christopher M. Silvestro of the Defense Criminal Investigative Service (DCIS) Northeast Field Office, the law enforcement arm of the Department of Defense’s Office of Inspector General. “Safeguarding the validity of Department of Defense research and data is vital to supporting the warfighter.”
“Significant damage can result from a failure to adhere to required cybersecurity standards, especially when the systems involved include sensitive genomic data,” said Special Agent in Charge Roberto Coviello of the U.S. Department of Health and Human Services Office of Inspector General (HHS-OIG). “HHS-OIG and our law enforcement partners remain dedicated to ensuring that entities who do business with the government uphold their cybersecurity obligations.”
The settlement resolves a lawsuit filed under the whistleblower provisions of the False Claims Act, which permit private parties to sue on behalf of the government when a defendant has submitted false claims for government funds and receive a share of any recovery. The settlement in this case provides for the whistleblower, Erica Lenore, a former Director for Platform Management, On-Market Portfolio at Illumina, to receive $1,900,000 as her share of the settlement. The qui tam case is captioned United States ex. rel. Lenore v. Illumina Inc., No. 1:23-cv-00372 (D.R.I.).
The resolution obtained in this matter was the result of a coordinated effort between the Justice Department’s Civil Division, Commercial Litigation Branch, Fraud Section, and the United States Attorney’s Office for the District of Rhode Island, with assistance from DCIS, the Army Criminal Investigation Division, the HHS Office of the Inspector General, and the Department of Commerce Office of the Inspector General.
The matter was investigated by Trial Attorney Erin Colleran of the Justice Department’s Civil Division and Acting U.S. Attorney Sara Bloom of the District of Rhode Island.
The claims resolved by the settlement are allegations only and there has been no determination of liability.