Here’s How Healthcare Organizations Can Prepare for Quantum Risk

The Risk Posed by “Harvest Now, Decrypt Later”

Encryption — for both data at rest in storage systems or in transit via networks — has remained a powerful way to protect sensitive information for decades. Even if cybercriminals could access and steal this data, encryption rendered it essentially useless to them. However, the ability to “harvest now, decrypt later” (HNDL) — once quantum computing becomes powerful enough — has changed this equation.

Cybercriminals are already collecting encrypted data today with the intention of decrypting it in the future. This poses a particular threat for data in industries such as healthcare, financial services and government, where data maintains its value for many years.

The threat of HNDL means that any data a cybercriminal steals now could become valuable in the future, once it has been decrypted. To address this threat, healthcare organizations must begin working now to prevent the decryption of their data in the future. There’s nothing they can do to protect their data once it’s been stolen.

LEARN MORE: Improving cyber resilience can help your organization bounce back from security incidents.

Solution: The Arrival of Post-Quantum Cryptography

In May 2022, National Security Memorandum 10 directed federal agencies to prepare for the threat of quantum decryption. The memo requires agencies to take specific actions as part of a multi-year process of migrating vulnerable computer systems to quantum-resistant cryptography. 

“Post-quantum cryptography is about proactively developing and building capabilities to secure critical information and systems from being compromised through the use of quantum computers,” said Rob Joyce, then director of cybersecurity for the National Security Agency (NSA), in an August 2023 statement.

In August 2024, NIST published three cryptographic standards designed to resist an attack from quantum computers. These standards — ML-KEM, ML-DSA, and SLH-DSA — are intended to provide security for data across numerous systems, including email and e-commerce. NIST has encouraged IT teams to implement these standards are soon as possible.

Technology vendors such as Cisco Systems, Check Point and Palo Alto Networks have developed products with post-quantum cryptography (PQC) capabilities. These tools, including firewalls and network switches, can help healthcare organizations protect their data from quantum threats whether in transit or in storage.

“It is imperative for all organizations, especially critical infrastructure, to begin preparing now for migration to post-quantum cryptography,” said Jen Easterly, then director of the Cybersecurity and Infrastructure Security Agency, in an August 2023 statement.

Click the banner below to sign up for HealthTech’s weekly newsletter.