In this paper, we propose a two-factor data security protection mechanism forpathology laboratory system. Our system allows a pathologist (sender) to upload anencrypted information of patient on cloud storage server. The pathologist (receiver)needs to possess two things in order to decrypt the cipher text. The first thing ishis/her secret key stored in the computer. The second thing is a unique personalsecurity device which connects to the computer. There are two types of storages in thesystem. First one is private data storage and second is public data storage. We have toupload and download data on private storage with the help of security device and inpublic data storage we can download data using secret key via e-mail. This process iscompletely transparent to the third party (admin). The security and efficiencyanalysis show that our system is not only secure but also practical.