System Offers Secure Storage of Medical Imaging Records

Author: 
Shana Leonard, with reporting by Brian Buntz

As the medtech industry continues to develop innovative software-driven and digital technologies, the issue of medical device security has emerged as a viable threat to patient safety and privacy. Seeking to allay some of these mounting security concerns, Ciphertex Inc. (Chatsworth, CA) has developed a line of secure, portable storage systems that employ advanced hardware encryption for protecting confidential medical patient data.

Ciphertex data storage
Ciphertex's data-storage systems provide protection of patient data via advanced hardware encryption.

Suitable for integration by medical device manufacturers into such medical imaging applications as mammography, ultrasound, MRI, and CT units, for example, the storage systems are capable of protecting patient data that are recorded or downloaded and may need to be transferred outside of a firewall. High levels of security are ensured for such confidential data through the use of AES 256-bit hardware encryption, which is the same level of encryption employed by the government to store classified information, according to Jerry Kaner, president and CEO of Ciphertex.

“Ciphertex’s products are the only arrays that offer hardware encryption that doesn’t encroach on the performance of the devices,” Kaner adds. “Other products that use software encryption hinder the performance significantly. The performance on storage products is very important because when you are capturing data or when you are downloading data, it all relates to time: The slower the performance, the longer it takes. So, we use hardware encryption for performance reasons.”

Multiple levels of protection are incorporated into the storage system, including the requirement of a dongle to access stored data. This feature, Kaner notes, is literally the key to encrypting or decrypting the information stored on the system.

“Incorporating Ciphertex storage products for transporting data from the acquisition point to the repository adds another critical layer of security to the process without having huge budget implications,” Kaner concludes. “And any time you can inject more security into the process, it is well accepted by the market and well accepted by the regulatory commission.”