Illumina Product Security

Protecting the integrity, confidentiality, and security is essential to ensuring product safety and reliability. This section provides security-related information, including bulletins, patches, and documentation, to help customers and partners understand and address potential risks. 

Introducing the Illumina Product Security Portal

At Illumina, we believe safeguarding sensitive data is foundational to genomic innovation and customers are the heart of everything we do. As part of our ongoing commitment to security, we are pleased to introduce the Product Security Portal — a centralized resource designed to help customers and partners access product security information with ease.

Developed by our expert cybersecurity professionals, and informatics teams, and based on feedback from our global community, the Portal offers timely access to vulnerability disclosures, security bulletins, patches, best practices, and product security documentation.

 

Illumina Coordinated Vulnerability Disclosure Program

As software and technology continue to become more integrated in our products, Illumina recognizes cybersecurity to be an important element in managing risk across the total product lifecycle. Cybersecurity threats are evolving, and they have the potential to not only impact the confidentiality, integrity, and availability of a product, but also its effectiveness in its intended use. 

Illumina maintains a dedicated Product Security team responsible for evaluating and implementing security controls, managing cybersecurity risk across our various product lines, and executing our cybersecurity post-market product surveillance and support program.

We recognize and appreciate the value provided by our customers and security researchers in identifying cybersecurity risks on Illumina’s products and look forward to collaborating with those partners in good faith.

Scope of Coordinated Vulnerability Disclosure Program 

The scope of the Illumina Coordinated Vulnerability Disclosure Program includes on-market products and associated SaaS applications (e.g. BaseSpace Sequence Hub, Illumina Connected Analytics, Illumina Connected Insights, Correlation Engine, ClarityLIMS, Emedgene). Infrastructure and software owned and used by Illumina in operating its business are out of scope of this Coordinated Vulnerability Disclosure Program. Additionally, the Coordinated Vulnerability Disclosure Program should not be used for submitting adverse events or product quality complaints. Please follow the appropriate processes laid out by the individual product lines for reporting these types of issues.

As a part of our Coordinated Vulnerability Disclosure Program, Illumina will be using this page to post cybersecurity bulletins related to vulnerabilities and their potential impact to Illumina products. For any additional questions or comments related to product security at Illumina, please contact your service representative and/or the product security team.

How to contact Illumina Product Security:

Upon identifying a potential vulnerability in an Illumina product, please contact the Product Security team via email as soon as possible using Pretty Good Privacy (PGP) encryption as follows:

In the email, please provide all relevant technical information regarding the vulnerability, including, but not limited to:

  • Product(s) affected
  • URL (if applicable)
  • Steps needed to replicate the potential issue (screenshots welcome)
  • Plans on public disclosure (if applicable)
  • Awareness of active exploitation (if applicable)

Do not include any personally identifiable information (PII) or individually identifiable health information (IIHI) in the message.

Expectations of researchers

For any research being conducted on Illumina products, we ask researchers to:

  • Perform testing in a safe environment and manner
  • Not test or alter a production system in any way
  • Not use devices in production that have been altered
  • Not weaponize the research, nor create an active exploit
  • Engage with Illumina before making any public disclosure

Expectations of Illumina

After receiving notice of a potential vulnerability, Illumina will:

  • Review all submitted information and acknowledge receipt within 5 business days
  • Request additional information, if required, to enable a full review of the submission 
  • Initiate our internal Case Response processes, which may include: 
    • Internal replication of potential vulnerabilities 
    • Risk evaluation activities 
    • Mitigation/remediation planning and execution 
    • External communications
  • Work diligently in providing updates to the submitter, as necessary 

Use of Information

If you share any information with Illumina, you agree that the information you submit will be considered as non-proprietary and non-confidential, and that Illumina is allowed to use such information in good faith, in any manner, in whole or in part, and without any restriction.

Bulletins

Our security bulletins keep you up to date on vulnerabilities and what they mean for your Illumina instruments and software. Each bulletin clearly outlines which products are affected and, if customer action is needed, provides straightforward instructions to help you respond quickly and effectively.

 

space

Patches

We understand the importance of both speed and simplicity when addressing security, so patches and product updates are designed to be easy to access and implement. This page includes details on patch releases, installation instructions, and best practices to ensure your software remains secure and up to date.

Documentation

Our documentation library is built by the same experts who design and secure Illumina’s products, combining deep product knowledge with proven security practices. Here, customers will find comprehensive resources including best practices, configuration guides, and security architecture overviews.

Report a security concern

If you identify a potential vulnerability in an Illumina product, please contact us via email as soon as possible utilizing PGP (Pretty Good Privacy encryption program) as outlined below:

Key ID:  B286E33E2CCD79B5 
PGP Location:  https://keys.openpgp.org/

vdp@illumina.com

Contact tech support

We welcome ongoing dialogue. If you identify a concern or have suggestions for improvement, we encourage you to contact us. We value the opportunity to collaborate with you in protecting sensitive data and advancing discovery.  Reach out about technical product questions, service issues, or any other support-related questions:

techsupport@illumina.com

Get instructions for sharing your desktop while working with Technical Support.

Share Desktop