Providers are urged to immediately patch certain Illumina devices that contain vulnerabilities, three of which are ranked as 10 in severity.
Providers should “immediately download and install” a patch for certain Illumina devices, which the manufacturer issued last month. The software update fixes critical flaws in a range of devices that could put patient safety at risk, according to an FDA letter to the healthcare sector.
The Cybersecurity and Infrastructure Security Agency released an alert on June 2, detailing the vulnerabilities found in certain Illumina In Vitro Diagnostic devices and Research Use Only (RUO) instruments. The platforms rely on Local Run Manager (LRM) software, which contains a number of high-severity vulnerabilities.
Illumina issued the software update to its healthcare clients last month. As the healthcare sector often struggles with patch management and prioritization, the FDA and CISA warnings should move the vulnerable Illumina products to the top of the patching queue.
The LRM used in these products contains five vulnerabilities, three of which are ranked 10.0 in severity. The 10.0 base score is a rare occurrence, let alone three 10.0 scores for one element. For reference, the prolific Log4j also received a 10 ranking.
The 10.0 vulnerabilities in the LRM include ‘execution with unnecessary privileges,’ meaning the LRM uses elevated privileges. CISA warns that an unauthenticated threat actor could