Why Healthcare Needs Post-Quantum Cryptography Now

Quantum computers aren't here yet, but the threat to patient data already is.

Healthcare is one of the most data-sensitive sectors in the world. Electronic health records (EHRs), medical imaging, genomic data — all of it is protected by cryptographic protocols that were designed for a pre-quantum era. The uncomfortable truth is that adversaries don't need a quantum computer today to exploit this. They just need to collect encrypted data now and decrypt it later — a strategy known as "harvest now, decrypt later."

The Quantum Threat to Healthcare

Most healthcare communication protocols rely on RSA or elliptic-curve cryptography (ECC) for key exchange and digital signatures. Both are vulnerable to Shor's algorithm, which a sufficiently powerful quantum computer could use to factor large integers or compute discrete logarithms in polynomial time.

For a typical web session, this might seem abstract. But healthcare data has a uniquely long shelf life — a patient's genetic information is relevant for their entire lifetime, and medical records must often be retained for decades. Data encrypted today with RSA-2048 could be decrypted within the next 10–15 years if quantum computing progresses as projected.

Why the Internet of Medical Things Makes It Worse

The Internet of Medical Things (IoMT) amplifies the problem. Connected pacemakers, insulin pumps, remote patient monitors, and hospital sensors generate continuous streams of sensitive data. These devices are often resource-constrained — limited CPU, memory, and battery — making it harder to deploy heavyweight cryptographic solutions.

Traditional public-key infrastructure (PKI) already strains many IoMT devices. Migrating to post-quantum schemes, which typically have larger key sizes and ciphertexts, requires careful protocol design to avoid breaking real-time performance guarantees that patient safety depends on.

Lattice-Based Cryptography: A Practical Path Forward

Among the families of post-quantum cryptographic primitives — lattice-based, code-based, hash-based, and multivariate — lattice-based constructions stand out for healthcare applications. Schemes based on the Ring Learning with Errors (RLWE) problem offer:

  • Smaller key sizes compared to other post-quantum families, making them more feasible for constrained IoMT devices.
  • Efficient arithmetic — polynomial multiplication over rings can be accelerated with Number Theoretic Transforms (NTT).
  • Versatility — RLWE supports both encryption and digital signatures, enabling unified authentication frameworks.
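The NTT speed-up named in the list above, as an added example (not code from the original post or from QRMA-IOMT): multiplication in Z_q[x]/(x^n + 1) via NTT, beside the schoolbook method it replaces. The parameters n = 256 and q = 7681 and all function names are illustrative assumptions, and the code is not constant-time.

```python
# Added example: negacyclic polynomial multiplication in Z_q[x]/(x^n + 1).
# N and Q are illustrative assumptions, not parameters taken from QRMA-IOMT.
N, Q = 256, 7681  # Q is prime and Q = 1 mod 2N, so a 2N-th root of unity exists

def find_psi(n=N, q=Q):
    """Smallest psi with psi^n = -1 mod q, i.e. a primitive 2n-th root of unity."""
    return next(g for g in range(2, q) if pow(g, n, q) == q - 1)

def ntt(a, omega, q=Q):
    """Recursive radix-2 Cooley-Tukey transform; len(a) must be a power of two."""
    n = len(a)
    if n == 1:
        return a[:]
    even = ntt(a[0::2], omega * omega % q, q)
    odd = ntt(a[1::2], omega * omega % q, q)
    out, w = [0] * n, 1
    for k in range(n // 2):
        t = w * odd[k] % q
        out[k] = (even[k] + t) % q
        out[k + n // 2] = (even[k] - t) % q  # omega^(n/2) = -1
        w = w * omega % q
    return out

def mul_ntt(a, b, q=Q):
    """O(n log n) product in Z_q[x]/(x^n + 1)."""
    n = len(a)
    psi = find_psi(n, q)
    psi_inv, n_inv = pow(psi, -1, q), pow(n, -1, q)
    omega = psi * psi % q  # primitive n-th root of unity
    # Twisting coefficient i by psi^i turns the negacyclic product into a cyclic one.
    ta = [x * pow(psi, i, q) % q for i, x in enumerate(a)]
    tb = [x * pow(psi, i, q) % q for i, x in enumerate(b)]
    fc = [x * y % q for x, y in zip(ntt(ta, omega, q), ntt(tb, omega, q))]
    c = ntt(fc, pow(omega, -1, q), q)  # inverse transform, still scaled by n
    # Undo the scaling by n and the psi^i twist.
    return [x * n_inv % q * pow(psi_inv, i, q) % q for i, x in enumerate(c)]

def mul_schoolbook(a, b, q=Q):
    """O(n^2) reference: every term that reaches x^n wraps around as -1."""
    n = len(a)
    c = [0] * n
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            k = i + j
            c[k % n] = (c[k % n] + (x * y if k < n else -x * y)) % q
    return c
```

For n = 256 the schoolbook loop performs 65,536 coefficient multiplications per product, which is the cost the transform avoids on a constrained device.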

In our recent work on QRMA-IOMT, we demonstrated that RLWE-based mutual authentication can be performed on IoMT-class devices with acceptable latency, while providing security guarantees against both classical and quantum adversaries.

The Migration Challenge

Adopting post-quantum cryptography in healthcare isn't just a technical problem — it's an ecosystem problem. Hospitals run legacy systems, regulatory frameworks (HIPAA, GDPR) assume specific cryptographic baselines, and interoperability between devices from dozens of manufacturers must be maintained.

A pragmatic approach is crypto-agility: designing systems that can switch between classical and post-quantum algorithms without major architectural changes. Hybrid schemes — where a classical and a post-quantum algorithm run in parallel — provide a safety net during the transition period.

What Should Researchers Focus On?

Three areas need urgent attention:

  • Lightweight protocol design — Optimising post-quantum handshakes for devices with <256 KB of RAM.
  • Formal security proofs — Ensuring that protocol compositions (authentication + key exchange + data transfer) remain secure under quantum threat models.
  • Real-world benchmarking — Moving beyond theoretical analysis to measure energy consumption, latency, and throughput on actual medical hardware.

Final Thoughts

The quantum threat to healthcare is not hypothetical — it's a matter of timing. The data being transmitted by IoMT devices today will still be sensitive when large-scale quantum computers arrive. Starting the migration to post-quantum cryptography now is not premature; it's responsible. The cost of waiting is measured in patient privacy and trust.