Illumina is paying about $10 million because they sold FDA regulated products to the US Government that weren’t meeting FDA cybersecurity requirements for a regulated device, not for an actual cybersecurity breach. One has to wonder what other False Claims Act suits could be pursued by Department of Justice (DOJ) against companies that sell FDA regulated products to the US Government. This could get particularly difficult if DOJ went after quality system breakdowns. Or even more apt in our times would be a company representing that their AI is not a regulated device per the the FDA Clinical Decision Support guidance, when these representations are simply not correct, whether by naivety or willful ignorance, and a device is a FDA regulated product and the FDA asserts as much.
August 12, 2025
