# Encryption at rest
<a name="encryption-rest"></a>

By default, HealthImaging encrypts customer data at rest using a service-owned AWS Key Management Service key. Optionally, you can configure HealthImaging to encrypt data at rest using a symmetric customer-managed AWS KMS key that you create, own, and manage. For more information, see [Create a symmetric encryption KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/create-symmetric-cmk.html) in the *AWS Key Management Service Developer Guide*.