Illumina, Feds Say Genetic Testing Gear at Risk of Hacking – Source: www.databreachtoday.com

Endpoint Security
,
Healthcare
,
Industry Specific

Feds Warn of Vulnerabilities Affecting Illumina’s Universal Copy Service Software

Marianne Kolbasuk McGee (HealthInfoSec) •
April 27, 2023    

Federal authorities are warning that hackers could take over genetic testing devices manufactured by Illumina, although neither the manufacturer nor the Food and Drug Administration has received reports of attacks.

See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources

The FDA said the vulnerabilities affect Illumina’s proprietary Universal Copy Service software. Illumina posted a list of affected devices.

In a separate Thursday alert, the Cybersecurity and Infrastructure Security Agency warned that a remote code execution bug tracked as CVE-2023-1966 allows hackers to “change settings, configurations, software, or access sensitive data.”

Another, CVE-2023-1968, allows attackers to use UCS to listen on all IP addresses in a network, including those capable of accepting remote communications.

Alex Aravanis, Illumina chief technology officer, in a post Thursday on LinkedIn said that upon identifying the vulnerabilities, “our team worked diligently to develop mitigations to protect our instruments and customers.”

The company is providing customers with “a simple software update at no cost, requiring little to no downtime for most” to address the issues, he said.

Besides the software updates, CISA also recommended users take “defensive measures” to minimize the risk of exploitation of these vulnerabilities.

That includes minimizing network exposure for all control system devices and ensuring they are not accessible from the internet. Should a company decide it needs remote access, it should use a virtual private network to access the devices, CISA said.

Illumina did not immediately respond to Information Security Media Group’s request for additional details.