The future of quantum computing presents unlimited opportunities. From accelerating medical research to optimizing healthcare logistics, the transformative potential for the healthcare sector is undeniable. Yet, as these technologies inch closer to real-world deployment, so does a looming cybersecurity threat. Quantum computers will render many of today’s encryption protocols obsolete. This creates unprecedented vulnerabilities in how sensitive data, especially electronic protected health information, is secured.
Why Healthcare Is Especially at Risk
Healthcare systems are already one of the most frequently targeted sectors in the cyber threat landscape. In fact, more than 276 million healthcare records were compromised in data breaches in 2024, according to The HIPAA Journal, making it the worst year on record in terms of breached health records. Vast repositories of highly personal data, legacy IT systems and high operational stakes make hospitals and health networks attractive targets.
Electronic health record platforms, such as Epic, Cerner and Meditech, contain rich datasets of identification, diagnostic, billing and insurance information. These systems, which are often integrated with broader hospital infrastructure and third-party communications platforms, create an expansive and frequently outdated attack surface.
The emergence of quantum computing exacerbates this challenge. Threat actors are now engaging in “harvest now, decrypt later” behavior, pulling encrypted healthcare data with the intent to decode it once quantum systems mature. This threat jeopardizes both immediate and long-term data integrity, raising new questions around patient trust, legal liability and institutional resilience.
The Speed and Scale of the Quantum Threat
While once considered decades away, functional quantum systems are now expected much sooner. A McKinsey analyst suggests commercially viable quantum computing applications are three to five years away from fruition. Likewise, in a recent survey, 40% of professionals believe quantum systems will outpace classical computing in under five years.
To illustrate the power shift, researchers at Google estimate that breaking RSA-2048 encryption – a task that would take a traditional supercomputer hundreds of trillions of years – could potentially be done by a quantum computer with sufficient qubits in a week. Gartner predicts that widely used encryption methods will be vulnerable to quantum decryption by 2029, leaving essential organizations, like healthcare systems, unprotected unless they pivot.
Today, according to IBM, data breaches in the healthcare sector are the highest across industries, with the average healthcare breach costing $10 million. The larger size and frequency of quantum-enhanced attacks could dramatically amplify this financial and reputational toll.
Building a Post-Quantum Defense Strategy
To confront this evolving threat, healthcare CIOs and CISOs must begin implementing post-quantum cryptography (PQC), which is a cryptographic algorithm resistant to both classical and quantum attacks. The U.S. National Institute of Standards and Technology is already laying groundwork, endorsing algorithms like FIPS 203 ML-KEM as the gold standard for PQC.
To defend their healthcare practice, healthcare leaders should begin with a comprehensive risk assessment to identify which systems rely on outdated encryption methods, evaluate software vendor readiness for PQC compliance and audit internal communication platforms for potential vulnerabilities.
Solutions that offer a crypto-agile architecture can provide hybrid encryption frameworks, blending classical and quantum-resilient algorithms to ensure both backward compatibility and future-proof security. This approach also helps maintain HIPAA compliance as encryption standards evolve.
Securing the Human Layer
Technology alone is not sufficient. According to Verizon’s 2024 Data Breach Investigations Report, 60% of data breaches involve human error. CIOs must invest in regular staff training, incident response plans and organization-wide awareness campaigns. This is particularly vital as new forms of social engineering may accompany quantum-enabled threats.
To build a robust “human firewall,” training should move beyond basic cybersecurity awareness to include secure data handling protocols and clear guidelines for identifying and reporting suspicious activities. Incident response plans must be frequently updated and circulated, ensuring every team member understands their role in mitigating a breach, from initial detection to containment and recovery. This proactive approach to human-centric security is as critical as technological defenses in the quantum era.
A Call to Urgency
Quantum computing is not a distant horizon, but a near-term inevitability. For the healthcare sector, this moment demands strategic foresight. Institutions that proactively invest in PQC frameworks, vendor partnerships and workforce training will be far better equipped to maintain trust, protect patient data and navigate this emerging frontier.
Anurag Lal
Anurag Lal is the President and CEO of NetSfere. With more than 25 years of experience in technology, cybersecurity, ransomware, broadband and mobile security services, Lal leads a team of talented innovators who are creating secure and trusted enterprise-grade workplace communication technology to equip the enterprise with world-class secure communication solutions. Lal is an expert on global cybersecurity innovations, policies, and risks.
