Hackers could steal data now and wait to decrypt it until quantum computers become powerful and accessible enough. (Credit: Max Duzij/Unsplash)

Data encryption is an essential part of keeping patient information private. It’s also remained relatively unchanged in recent decades — a rarity for anything in the cybersecurity space. The dawn of quantum computing will change that.

Quantum computing is still in its infancy, but recent AI trends prove it doesn’t take long for new technology to disrupt an industry. Consequently, healthcare organizations must prepare for a post-quantum future now. They must anticipate how this technology will impact data encryption to remain safe and compliant as the industry evolves.

What Is Quantum Computing?

It’s easiest to understand quantum computers when contrasting them against conventional machines. Classical computers process information in terms of bits, which represent a value of either one or zero. By contrast, quantum computers use qubits, which can exist as both a one and a zero simultaneously — a phenomenon known as superposition.

This superposition means quantum machines can perform much more complex calculations in a shorter time frame. Theoretically, they could take minutes to solve problems that would take classical computers millions of years. 1 Quantum power also grows exponentially with additional qubits — each one doubles the machine’s computing capability.

As advanced as that sounds, some companies already have as many as 60 functional quantum computers. 2 However, these machines are expensive and complex, and they require near-absolute-zero temperatures to operate. Consequently, they’re far from accessible to most people, but that could change within the next decade.

Quantum-as-a-service (QaaS) could give users access to these advanced machines through the cloud. As services like this become more common, organizations and individuals alike could capitalize on the power of quantum computing without owning the necessary equipment.

How Quantum Computing Affects Data Encryption

Quantum computers will undoubtedly disrupt many facets of technology and business operations. Their impact on data encryption is one of the most pressing for healthcare organizations. As this technology becomes more accessible, it will both improve and threaten encryption practices.

The Good. It’s not difficult to see how faster computers could benefit healthcare data security. Processing more information at once means these machines could develop more complex encryption algorithms. Employing these protections would obscure patient personally identifiable information (PII) more than previously possible.

Quantum computing also enables entirely new approaches to cryptography. The most common example is quantum key distribution (QKD). QKD securely transmits a private key between two users instead of using public keys. It exists in superposition, and because it’s impossible to copy an unknown quantum state, 3 attackers can’t replicate it. QKD also makes it evident if someone tried interfering with the transmission, informing safe responses.

Healthcare organizations could also use quantum computing to bolster their defenses outside of data encryption. Faster network monitoring, advanced behavioral biometrics, and near-instant machine learning on encrypted datasets are just a few examples. These solutions don’t necessarily remove the need for encryption, but they make it less likely for a breach to occur in the first place.

The Bad. Quantum computing is just a tool. As such, whether it causes harm or good depends on its usage. The biggest concern regarding data encryption is that cybercriminals could use quantum computers to break past existing algorithms.

Conventional transistors can only represent one or zero, but a qubit can be both at once. (Credit: Axel Richter/Unsplash)

Theoretically, it’s possible to decipher encrypted data without the key by trying every possible combination of numbers. However, encryption is still secure — at least for now — because it would take classical computers trillions of years 4 to do so with a complex enough encryption algorithm. Quantum computing would change things.

While decrypting this data is virtually impossible for classical machines, it’s feasible on a powerful enough quantum computer. That’s especially true of less complex, public key-reliant encryption methods.

Today’s quantum computers are still incapable of breaking through the most advanced encryption algorithms. However, that likely won’t be the case in the future, considering how quantum power improves exponentially with additional qubits. It’s unclear when this technology will reach that point, but encrypted patient PII will suddenly become vulnerable when it does.

What It Means for Healthcare

The threat of encryption-breaking quantum computers has serious consequences for the healthcare industry. This sector already suffers more privacy issues than ideal, with hundreds of data breaches of 500 or more patient records in 2021 alone. 5 Breaches like this would become all the more consequential if encryption couldn’t keep PII private.

Encryption ensures that even breached data doesn’t reveal sensitive information. However, if cybercriminals can break through with quantum computing, it would no longer offer much privacy assurance. Attacks like this could leave healthcare organizations facing massive penalties under HIPAA or related privacy regulations.

It’s important to recognize that this threat isn’t distant, either. While quantum computing isn’t accessible or powerful enough to threaten encryption yet, the industry must act now. Criminals could steal encrypted data today and wait until quantum computing advances enough to decrypt it.

Unlike much other digital data, medical information remains relevant and sensitive for years. Consequently, cybercriminals would still cause extensive damage by decrypting this data down the line. Considering how quickly technology moves, this point — known as “Q-Day” in cybersecurity circles — could come earlier than many organizations expect.

How Healthcare Organizations Can Prepare for a Quantum Future

Q-Day is inevitable. Because it’s unclear when it may happen and threats exist today, the healthcare industry must adapt now to address this future. Thankfully, better protection is possible through a few best practices.

Embrace Quantum-Resistant Encryption. Adopting quantum-resistant encryption methods is the first and most important step to prepare for a post-quantum future. Security researchers have realized how quantum computing could render encryption obsolete, and they’ve developed alternative solutions to resist this threat. The National Institute of Standards and Technology (NIST) is already in the process of standardizing four of these quantum-proof algorithms. 6

Given this technology’s novelty, finding security vendors using these standards may be challenging. However, they will become more common with time, especially considering the situation’s urgency. Healthcare organizations should discuss these possibilities with their current software providers and potential alternatives to employ quantum-resistant encryption as soon as possible.

The four current NIST standards are not the only options, either. Healthcare businesses may be able to find other available quantum-proof encryption services from cybersecurity providers. However, it may be safest to go with NIST’s recommendations, as these will likely serve as the basis for future regulatory changes.

Capitalize on Quantum Security Technologies. Similarly, healthcare leaders must capitalize on quantum computing before cybercriminals do. In some cases, that may mean embracing cryptographic applications like QKD. In others, it could mean leveraging QaaS for faster, more advanced security features.

Partnering with quantum-enabled security vendors could help healthcare organizations advance faster than their attackers. This would reverse the industry trend, giving hospitals and other businesses a leg up in the quantum arms race. While it wouldn’t eliminate quantum-related threats, it might minimize their impact.

The National Security Agency recommends against using QKD and similar quantum cryptography tools in some cases. 7 This doesn’t mean these technologies are inherently unsafe, but often have shortcomings. Healthcare organizations must apply them carefully and only work with trusted vendors to account for these issues.

Ensure Security Beyond Encryption. Healthcare businesses must also recognize that encryption alone is insufficient as a protective method. This is true in any context, but especially in light of the risks of quantum computing.

Encryption is a contingency plan to minimize the impact of a data breach. It’s not a preventive measure. Consequently, leaders in this industry cannot use it as their only protection. As QaaS makes quantum threats more prevalent, the emphasis on the first lines of defense should increase.

These protections should employ the zero-trust philosophy, which verifies every user, endpoint and action before allowing it. As part of this framework, organizations must also restrict data access privileges as much as possible. Devices and users should only be able to access what they need for their job.

Employee training is another crucial aspect of these defenses. Human error is responsible for 49 percent of all data breaches among medical practices. 8 The only ways to reliably address these issues are to put all workers through regular cybersecurity training and automate basic tasks to reduce repetitive workflows.

Stay Abreast of Regulatory Changes. Healthcare organizations may stay current on regulatory changes that may emerge in light of quantum concerns. HIPAA and related guidelines will likely adapt as new threats arise and best practices change.

These shifts may not appear until after Q-Day, but they may precede it. In either case, it will take quick recognition and adjustment to remain compliant with these evolving standards. In the meantime, healthcare leaders can look to organizations like NIST or other cybersecurity experts for best practices before regulations catch up.

Quantum Computing Will Reshape Healthcare Security

Quantum computing may seem like a distant technology, but it may not be long before it becomes widespread. Reaching that point will benefit healthcare organizations in many ways, but it also requires a new approach to data encryption.

Q-Day represents a significant threat to healthcare privacy, but it’s not an impossible obstacle. The industry can prepare for this future if it adapts today.

References

  1. S. Pelley, “Google, IBM make strides toward quantum computers that may revolutionize problem solving,” CBS News, December 2023.
  2. C. Campbell, “Quantum Computers Could Solve Countless Problems—And Create a Lot of New Ones,” Time, January 2023.
  3. A. Gillis, “What is Quantum Key Distribution (QKD) and How Does it Work?,” TechTarget, November 2022.
  4. G. Wood, “Encryption Security for a Post Quantum World,” Center for Strategic and International Studies, June 2022.
  5. Why is Cybersecurity Important in Healthcare,” Rectangle Health, December 2021.
  6. NIST to Standardize Encryption Algorithms That Can Resist Attack by Quantum Computers,” National Institute of Standards and Technology, August 2023.
  7. Quantum Key Distribution (QKD) and Quantum Cryptography (QC),” National Security Agency, September 2021.
  8. L. Morris, “More Than a Third of Medical Practices Have Experienced a Data Breach—49% Were Caused by Human Error,” Software Advice, March 2022.

This article was written by Zachary Amos, a technical writer based in Mechanicsburg, PA. Contact: This email address is being protected from spambots. You need JavaScript enabled to view it. or visit here  .