Illumina Settles With DOJ, Veterans to End Whistleblower Lawsuit Over Genomic Sequencing Systems with Cybersecurity Vulnerabilities

Illumina Inc. has agreed to pay $9.8 million to settle allegations it knowingly sold genomic sequencing systems with cybersecurity vulnerabilities to US government agencies. The settlement stems from a whistleblower lawsuit filed by Erica Lenore, who will receive $1.9 million. The allegations involved false claims submitted between 2016 and 2023 for Illumina's genomic sequencing systems, which included models like MiSeq Dx, NextSeq 500, and NextSeq 2000. The company has denied the allegations and admitted no wrongdoing.

Illumina Inc., a leading provider of genomic sequencing systems, has agreed to pay $9.8 million to settle allegations that it knowingly sold genomic sequencing systems with cybersecurity vulnerabilities to US government agencies. The settlement, announced on July 31, 2025, stems from a whistleblower lawsuit filed by Erica Lenore, a former Director for Platform Management, On-Market Portfolio at Illumina. Lenore will receive $1.9 million as her share of the settlement [1].

The allegations, which span from February 2016 to September 2023, include false claims submitted for Illumina's genomic sequencing systems, such as MiSeq Dx, NextSeq 500, and NextSeq 2000. The government contended that Illumina failed to incorporate cybersecurity into its software design, development, installation, and on-market monitoring. Additionally, the company was accused of failing to properly support and resource personnel, systems, and processes tasked with product security and falsely representing that the software adhered to cybersecurity standards [2].

The settlement underscores the importance of cybersecurity in handling genetic information and the Department's commitment to ensuring that federal contractors adhere to requirements to protect sensitive information from cyber threats [1]. This case is part of a broader trend where the Department of Justice (DOJ) is increasingly focusing on cybersecurity violations under the False Claims Act (FCA) [3].

Illumina has denied the allegations and stated that it is not making any admissions related to the claims. The company noted that it has successfully remediated the software issues from 2022 to 2024 [2]. Despite the denial, Illumina decided to settle the matter due to the "uncertainty, expense, and distraction" of litigating the case [2].

The settlement highlights the need for companies to stay vigilant and comply with regulatory and contractual requirements, especially in the realm of cybersecurity. As the DOJ continues to enforce the FCA, companies must ensure they have adequate security programs and systems to identify and address vulnerabilities.

References:
[1] https://www.justice.gov/opa/pr/illumina-inc-pay-98m-resolve-false-claims-act-allegations-arising-cybersecurity
[2] https://www.medtechdive.com/news/cyber-fraud-settlement-genomic-testing-company/756637/
[3] https://www.mintz.com/insights-center/viewpoints/2146/2025-08-04-false-sense-security-doj-announces-false-claims-act