UF leads the way in protecting research data from cyber threats

As cybercrime becomes increasingly sophisticated, leading to more data breaches and ransomware attacks, colleges and universities are facing strict requirements to keep their research information secure. The University of Florida is at the forefront of this initiative, with its supercomputer HiPerGator setting the standard for safeguarding data in its $1.33 billion research portfolio.

With funding from a National Science Foundation grant, UF is one of more than 350 higher education institutions working to protect data and elevate the impact of regulated research. This collaboration is known as the Regulated Research Community of Practice, or RRCoP – a network of research institutions that support each other through navigating compliance regulations and implementing cybersecurity programs.

“We share information and learn from each other,” said Erik Deumens, Ph.D., the senior director of Information Technology Research Computing at UF. “That’s the real value of the RRCoP.” 

Deumens co-created the network in 2021 with Arizona State University Director of Research Cybersecurity and Compliance Carolyn Ellis. Together, the leaders sought to help institutions understand the complexities of regulated research, which refers to research that is subject to additional federal rules and guidelines based on the type of data involved. 

Working together to understand regulations

Federal laws and regulations safeguard personal health information and advanced technological data to uphold national security and protect intellectual property. In addition to these federal mandates, higher education institutions must also comply with state laws, university policies, ethical standards and contractual obligations. 

By offering workshops and strategic planning activities, as well as maintaining a repository of resources and templates, the RRCoP helps leaders at academic research institutions address these evolving regulations in a cost-effective manner. About 89% of the Association of American Universities and 68% of Federal Demonstration Partnership institutions participate in the RRCoP.

The program has been so successful that, in October 2024, the RRCoP joined Trusted CI, the National Science Foundation Cybersecurity Center of Excellence – a collaborative effort that provides expertise and resources to enhance the cybersecurity of research organizations.

Navigating the numbers

Historically, one of the most expensive and time-consuming hurdles for research institutions has been navigating audits. Audits are an essential oversight mechanism within the regulated research landscape, ensuring compliance with strict legal, ethical and quality standards.

To help institutions complete these regulatory audits, UF launched the RRCoP’s Ask the Assessor program last spring in partnership with Frazier & Deeter, a Top 50 accounting and advisory firm. 

Ask the Assessor takes anonymized use case scenarios involving regulated research – in combination with Frazier & Deeter’s University Data Security Solutions – to create a library of compliance strategies for external audit preparation.

HiPerGator has been successfully audited by an external assessor every two years since 2023 against the HITRUST cybersecurity framework, and it was one of the first university-owned supercomputers in the world to receive the certification. 

HITRUST is responsible for setting comprehensive standards and methodologies that champion safeguarding sensitive information and compliance activities. As of May 2025, HiPerGator’s HITRUST environment now meets the requirements under the National Institute of Standards and Technology 800-171r3. 

This level of compliance allows HiPerGator to store and process protected health information covered by the 1996 Health Insurance Portability and Accountability Act, to comply with the National Institutes of Health Genomic Data Sharing Policy, and to support projects that fall under Controlled Unclassified Information. 

“As a founding member institution of the RRCoP, UF has set a precedent for universities and colleges nationwide to proactively address compliance and risk management standards,” Deumens said.