What happens when the treasure trove of human genetics meets the ever-expanding digital frontier? As genomic data surges in volume and value, so does the challenge of protecting its privacy and security. On May 20, 2025, the National Institute of Standards and Technology’s National Cybersecurity Center of Excellence (NCCoE) convened a hybrid workshop in Rockville, Maryland, to confront this very dilemma. The event gathered experts from technology, policy, and healthcare sectors to wrestle with the implications of cybersecurity in genomics—an area where the stakes could not be higher.
Located at 9700 Great Seneca Highway, the NCCoE serves as a hub for addressing emerging cybersecurity challenges by creating practical, standards-based solutions. This workshop was no exception, inviting participants both in person and virtually to discuss a rapidly evolving intersection: how to secure and safeguard genomic information in an era when data breaches are common and privacy expectations are complex.

Genomic data is not just another dataset. It contains deeply personal information that can reveal an individual’s susceptibility to diseases, family lineage, and even behavioral traits. Unlike a password, your DNA cannot be changed if compromised. “The stakes here extend beyond the individual to families and communities,” explained Dr. Erin Kenneally, a cybersecurity and privacy expert with the Center for Long-Term Cybersecurity at UC Berkeley, who participated in the workshop. “We need frameworks that protect this data without stifling the incredible innovation genomics can fuel.”
The urgency of these conversations is underscored by the increasing use of genomic information across healthcare, research, and commercial sectors. Companies offering ancestry services or personalized medicine rely heavily on secure data handling practices, but the regulatory landscape remains fragmented. Meanwhile, adversaries ranging from cybercriminals to nation-states see the value in stealing genomic data, either for identity theft or more nefarious purposes.
The NCCoE workshop sought to bridge gaps between stakeholders by identifying best practices and developing cybersecurity building blocks tailored to genomics. Among the topics discussed were:
/ Implementing robust encryption standards for genomic data at rest and in transit
/ Establishing access control protocols that respect patient consent and data ownership
/ Developing privacy-preserving technologies such as differential privacy and homomorphic encryption
/ Enhancing incident response strategies tailored for genomics databases
/ Aligning technical solutions with evolving policies and regulations, including HIPAA and GDPR
Experts like Dr. Kenneally emphasized the importance of collaboration. “No single organization can manage this risk alone. We need a coalition of technologists, policymakers, healthcare providers, and the public,” she said. This interdisciplinary approach is particularly vital given that genomic data intersects with both cutting-edge science and deeply personal rights.
From a policy perspective, workshop participants highlighted the challenges of harmonizing national and international standards. “Genomic data flows freely across borders, but legal protections do not,” noted James C. Miller, Chief Privacy Officer at the Department of Health and Human Services. “Without clear, consistent rules, individuals and organizations remain vulnerable.”
Meanwhile, technologists at the NCCoE are working on translating these discussions into actionable reference designs and open-source toolkits that organizations can adopt. These modular resources aim to accelerate secure genomic data use without requiring custom solutions for every new application.
For users—patients, research participants, and consumers—the workshop underscored a pressing need for transparency and education. How is their genomic data used? Who has access? What safeguards are in place? Without clear answers, trust in genomic initiatives could erode, potentially slowing scientific progress.
As adversaries become increasingly sophisticated, the cost of inaction grows. The threat is not hypothetical; recent incidents have shown that even well-resourced organizations can fall victim to breaches that compromise sensitive health data. Protecting genomic data is, therefore, a national security issue as much as a personal privacy concern.
Ultimately, the NCCoE workshop illuminated a simple truth: the promise of genomics can only be fully realized if its cybersecurity and privacy challenges are met head-on. It is a collective responsibility that transcends disciplines and borders. As we forge ahead into this genetic era, one must ask—are we prepared to defend the very code that makes us human?




