Categories
Digital Health MedTech

Harvest Now, Decrypt Later: Why Healthcare Must Go Post-Quantum Today

Harvest now, Decrypt later - post-quantum healthcare - medtech security

The Threat

Healthcare runs on trust — but its digital backbone is fragile. A sufficiently powerful quantum computer will run Shor’s algorithm, breaking RSA and elliptic curve cryptography. That means everything from EHRs to connected pacemakers is at risk.

And the danger isn’t hypothetical. Adversaries are already engaging in “Harvest Now, Decrypt Later” (HNDL) — collecting encrypted medical data today to crack open once quantum machines catch up. Health records are especially valuable because they must remain confidential for decades, often a century.

The Urgency

The US NIST finalised the first post-quantum cryptography (PQC) standards in 2024, including CRYSTALS-Kyber for key establishment and CRYSTALS-Dilithium for signatures. The EU has yet to mandate PQC explicitly, but under GDPR’s requirement for “appropriate technical measures”, regulators will likely interpret compliance as requiring migration.

Medtech and pharma firms cannot afford to wait. Migration is not a patch but a multi-year transformation: inventorying cryptographic assets, building crypto-agile architectures, and upgrading every system from EHRs to clinical trial platforms.

The European Edge

Europe is not passive. The EuroQCI initiative aims to build a pan-European quantum communication infrastructure based on quantum key distribution (QKD) — an ultra-secure backbone for critical sectors, healthcare included.

But PQC migration remains the urgent first step. Quantum-secure comms infrastructure is years away; vulnerable encryption is a present reality.

Strategic Takeaway

For European healthcare organisations:

  • Start the migration now: waiting until Y2Q is too late.
  • Prioritise PQC vendors and services: the “picks and shovels” of the quantum security gold rush.
  • Engage boards early: GDPR fines (4% of global turnover) make PQC a board-level risk.

Quantum computing’s promise in drug discovery may take a decade. Its threat to healthcare cybersecurity is here today. The winners will be those who treat post-quantum cryptography not as R&D, but as critical infrastructure.

By Piotr Wrzosinski

Piotr Wrzosinski is a Pharma and MedTech commercialization and digital marketing expert with 20+ years of experience across pharma (Roche, J&J), consulting (Accenture, IQVIA) and medical devices (BD).
He leads transformative EMEA Omnichannel Delivery Center team at Becton Dickinson and shares insights on Pharma, MedTech and Digital Health at disrupting.healthcare to speed up digital innovation in healthcare, because patients are waiting for it.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Exit mobile version