NHLBI RECOVER Cybersecurity Program

The RECOVER program is a billion-dollar strategic investment being made by the US Government to understand and treat the post-acute sequelae of SARS-CoV-2 infection, including but not limited to the syndrome commonly known as "Long COVID". This program is complex involving hundreds of participating clinical sites supported by a Data Resource Core (DRC) that provides data management and analytic services to the RECOVER investigators. In addition, there are data repositories and analytical platforms focused on specific data domains where the data will reside for public use including mobile health data, medical imaging, pathology imaging, clinical, observational and electronic health record (EHR) data. These components are being provided by a the NHLBI BioData Catalyst, Sage BioNetworks, Ambra and involves participation from both commercial and academic entities. The program has high public visibility, is working with sensitive data including PII/PHI and has high importance to the people of the United States. As such, it is a target for cyber threats from all kinds of actors with the primary threats being theft of intellectual property, compromise and damage to data, loss of public trust, and theft of intellectual property. Therefore, the leadership of the RECOVER program has determined that a dedicated cybersecurity program is required in order to mitigate the risks to the extent possible given funding constraints.