PQC (Post-Quantum Cryptography) 08-08-2023

How Will Quantum Computing Impact Healthcare Security?

Safeguarding medical data in the age of information

Timothy Hollebeek
PQ Blog Image

September 2023 Update: Marking a nearly seven-year process and the final steps towards the world’s first post-quantum cryptography standards, the U.S. National Institute of Standards and Technology (NIST) released draft standards for quantum-safe algorithms on Aug. 24.

The transition to quantum-safe cryptography will hinge on two steps: inventorying all cryptographic assets and achieving crypto-agility through automation and centralized management. DigiCert’s customers investing in crypto-agility have deployed DigiCert® Trust Lifecycle Manager, which provides a comprehensive solution to discover, manage and automate digital trust across their organization. 

For additional guidance on preparing for the transition to quantum cryptography, please refer to this blog.

Quantum computers will change the way many industries operate, and  the impacts of quantum computing will affect all aspects of society. Quantum computers could be used to solve complex problems faster and more accurately than traditional computers, leading to new discoveries and breakthroughs in various sectors (read our predictions about quantum’s impact by sector here). However, quantum computers could break many of the encryption algorithms currently used to secure digital trust. Thus, we’re exploring how quantum computing will impact security of various interactions that businesses and individuals rely on in everyday life in a series of blog posts.

Securing our data is incredibly important, but when it comes to healthcare information, securing data and medical devices can quite literally mean life or death. In today's data-driven world, businesses have become the guardians of society's most intimate details – our health records. And healthcare data is growing 36% annually, which can include not only personal details like name, social security number and date of birth but also health insurance information, names of spouses and children and even diagnosis and medical conditions. Furthermore, the largest medical data breaches in history have affected millions of patients. While this data can open the possibility for more understanding and advanced innovation, it also needs to be secured.

Globally, medical privacy is highly regulated and valued. However, when (not IF) quantum computers become a reality, the medical information used today could become exposed. Additionally, the medical devices and software in use today will need to be protected to keep patients who use them safe. Thus, any data, device or software in use today that will be in use 10, 20 or 30 years from now will become vulnerable to quantum computers in its lifetime.

Medical data must be protected for a long time – longer than PQC

Medical information has some of the longest protection timelines. Information about intelligence sources and weapons of mass destruction by default are protected for 50 years. Information about medical tests of an infant may need to be protected for 120 years or more, equivalent to at least a human lifetime. And, although we aren’t sure the exact date when quantum computers will arrive, experts agree it will definitely be within the next 120 years!

Thus, medical data in use today could become vulnerable in the future. Attackers use a technique called “harvest and decrypt” where they harvest data now with plans to decrypt it later when their decryption tools catch up to the encryption technology in place. Harvest and decrypt is a serious threat to medical privacy, especially with so much health information being handled online in the post-COVID era. In other words, healthcare providers need to start thinking now about how to provide increased security for medical data and create a plan for when quantum computers arrive.

Medical devices also need long-term protection

The device and software approval process for medical technology is also long, meaning it is important for providers of medical software and devices to start getting ready well in advance of the threat arriving. Securing these smart devices can be challenging, even without the threat of quantum computers, as they have limited computing and memory and can be difficult to update. That’s why we predict that the internet of things (IoT) will be one of the more vulnerable verticals to quantum computers. However, standardization is starting to catch up and multiple regulatory bodies are moving to increase the security of these devices, which will better protect them now and in a post-quantum future.

Medical regulation needs to get ahead of quantum

Additionally, although medical privacy is already heavily regulated, the relevant agencies involved in setting the standards need to consider quantum computing’s impact now. They need to update their privacy requirements to include threats from quantum computers to make sure medical information remains secure during this important transition.

Quantum could benefit healthcare field as a whole, but still needs more security

On the bright side, quantum computers could also be used to further advance healthcare, including reduced time to develop vaccines, earlier diagnoses and more personalized treatments. Imagine being able to develop the COVID-19 vaccine much quicker! Many lives would be majorly impacted. One major factor contributing to this slow time-to-market for vaccines is the need to engineer molecules for the purpose of testing their interactions with others. Quantum computers, however, hold the key to circumventing this constraint by enabling scientists to simulate these complex molecules in silico. Simulating the quantum mechanical interactions of reacting molecules is extremely computationally expensive for traditional computers, but quantum computers can take advantage of their own quantum nature to simulate them much more efficiently. This simulation capability offers an unprecedented level of precision, down to the scale of individual atoms, heralding a new era where scientific experimentation can transcend the limitations of the physical world.

However, the benefits of medical advancement due to quantum computing will be moot without the proper security in place to ensure that patient information and confidential data remains protected.

Even if we have better care and accelerated treatments, if sensitive patient data is exposed to attackers, it could spell disaster. This is especially true as the amount of health data collected and stored will only continue to grow as quantum computers will need a wealth of diverse data to make their critical calculations.

In summary, organizations must rise to the occasion and fortify their defenses, for the sake of not just compliance, but for the trust and well-being of us all. The time to start planning and preparing for a post-quantum world is now. Organizations can prepare for PQC now by inventorying their cryptographic assets, prioritizing what needs to be trusted or secured for a long period of time and exploring how to implement PQC algorithms to protect against future quantum attacks. For more information on how to prepare for the quantum cryptography transition, check out this blog.

Interested in how quantum computing will impact society? Check out the full series at https://www.digicert.com/blog/category/post-quantum-cryptography.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min