Healthcare: PHI that's inert to anyone who takes it
Hospital networks and health systems store the most sensitive personal data in the economy — health records, imaging, lab results, therapy notes — across hybrid environments that were assembled over decades. Encryption is in place; keys live in a vault. The HIPAA Security Rule's standard is that PHI be "unusable, unreadable, and indecipherable" to unauthorized parties. Under conventional key management, no CISO can guarantee that property survives a compromised vault credential. Most know it. Few can say it to an auditor.
PHI is stored as encrypted HyperFrames replicated identically across independent backends — including hybrid deployments spanning on-premises object storage and cloud. An attacker who exfiltrates any single backend, or compromises its credentials, holds only ciphertext — cryptographically useless without the keys, which are never stored alongside the data. The question every HIPAA breach analysis turns on — was the data usable at the moment of exposure? — is answered by architecture rather than policy. HyperSphere is designed to help organizations render stored ePHI unreadable to unauthorized parties. HIPAA compliance and breach-notification determinations depend on the customer's implementation and the circumstances of the incident.
Change Healthcare, 2024. One stolen credential, one portal without MFA, and the PHI of as many as 100 million Americans was exfiltrated — with total costs of ~$2.457B per the company's own disclosures . HyperSphere DNA™ (Data Neutralization Appliance) would not have prevented the intrusion. It would have made the exfiltrated data cryptographically inert — removing the leverage, the downstream patient harm, and the cost cascade.
The harm of readable health data lands on patients, for years, with no recourse — extortion cases built on therapy records have already happened. Protecting patients from that outcome isn't only a compliance function; it's the obligation that comes with holding their data.
See it on your own storage
Compliance & frameworks. HyperSphere DNA uses NIST-standardized cryptographic algorithms and a FIPS-aligned cryptographic architecture. HyperSphere is designed to help organizations render stored ePHI unreadable to unauthorized parties; HIPAA compliance and breach-notification determinations depend on the customer's implementation and the circumstances of the incident. HyperSphere provides technical capabilities that support a customer's implementation of applicable security and compliance requirements. Compliance, certification, authorization, and breach determinations depend on the customer's complete environment, configuration, policies, operations, and assessment scope.