Security at Blackfynn.

Security Overview

A platform built for scientific and clinical data requires a robust approach to security. Our security model is anchored on protecting the confidentiality, integrity and availability of data. During our cyclical risk management evaluations we apply industry standards from the National Institute of Standards and Technology (NIST) and our cloud provider, Amazon Web Services (AWS) as well as input from third-party experts. To address potential concerns and earn the trust of our partners to store and process sensitive data, we have compiled a list of controls that relate to commonly asked questions we receive on the matter of security.

Network and System Security

The Blackfynn platform, as well as all the PHI and PII data stored on it, is hosted in AWS data centers. By using a shared responsibility model, Blackfynn inherits all physical and environmental controls (physical access, network and power redundancy, hardware disposal, fire suppression, etc) from compliance programs managed by AWS. The compliance programs offered by AWS include, but are not limited to, HIPAA (United States), GxP (United States), C-5 (Germany) and G-Cloud (UK).

Blackfynn segments production data through a Virtual Private Cloud (VPC) and prevents direct access to a resource from the public internet. Requests to internal infrastructure is passed through external proxies and security groups which grant the minimal level of access.

Blackfynn runs intrusion detection, patch management, and configuration management agents to enforce compliance policies, detect threats such as systems and packages containing known vulnerabilities. Monitoring and threat detection does not stop at the system level as any high risk or changes to sensitive AWS infrastructure raises a high severity notification.

Data Confidentiality and Integrity

All data transmitted from customer devices to the Blackfynn platform is protected using 256-bit TLS encryption. To provide encryption and data segregation at rest, each organization has a unique key in which data is encrypted using AES-256. This encryption is managed by Amazon's Key Management Service (KMS). Audit logs track each time a key is used to encrypt or decrypt data.

Every file uploaded to the platform is individually scanned for viruses and will not enter the platform if the file is found to be infected. Blackfynn backups are geo-redundantly replicated across multiple availability zones for data durability.

Resiliency and Availability

Blackfynn has leveraged the reliability recommendations from the Reliability Pillar of the Well Architected Framework provided by AWS such as, but not limited to, the use of feature toggles, encrypted backups, load balancing and instance auto-scaling. Blackfynn maintains business continuity and disaster recovery plans which are regularly reviewed and rehearsed.

Email Security

Blackfynn signs every email by using the DomainKeys Identified Mail (DKIM) standard. The signatures can be used to verify messages are legitimate and have not been modified by a third party in transit. Additionally, email can only be sent from IP addresses that are published in our Sender Policy Framework (SPF) record.

Organizational Security

All Blackfynn employees, regardless of access rights, undergo background checks. We conduct three levels of checks:

  • National criminal record and SSN fraud
  • Employment verification
  • Education verification
Application Security

Blackfynn's platform is HIPAA compliant and has undergone assessment by third parties. All in house developed software is reviewed by at least two members of our team.

Product Security

A user will be locked out of their account after three failed attempts. Once an account is locked, an organization administrator needs to unlock it. This is further outlined and available in our Access Control Policy. All accounts can take further security measures through two-factor authentication. Every action taken on the application or against the platforms application programming interface (API) is logged. In that log, we record the HTTP method, HTTP protocol, remote IP address, remote host, timestamp, endpoint invoked, user ID, resource ID, and any additional parameters provided.

How to Report an Issue

If you believe you have found a security issue or have any concerns or questions about Blackfynn security, please contact us at

blackfynn_logo_mark_RGB_FULL icon-collaboration icon-research LinkedIn icon GitHub EEG Data Menu Monogram Analyze Icon icon-learning-development icon-wellness Security Storage icon-balance Google Dribbble Close menu Twitter