What is quantum-resistant encryption?

Quantum-resistant encryption is a new generation of encryption methods designed to remain secure even against the computational power that quantum computers will one day possess.

This blog explains what quantum-resistant encryption is, why it matters, and what healthcare organizations need to understand about it.

First, what is encryption?

Encryption is the process of scrambling data so that only authorized people can read it. Most of the encryption used today relies on mathematical problems that are difficult for conventional computers to solve. For example, a widely used method called RSA encryption (named after its creators, Rivest, Shamir, and Adleman) works because it is hard to figure out which two large prime numbers were multiplied together to produce an even larger number.

Learn more: Encryption at rest: what you need to know

So what is quantum computing?

A conventional computer stores information as tiny switches that are either on (1) or off (0). A quantum computer uses quantum bits, or "qubits," which can exist in multiple states simultaneously. This allows quantum computers to process large amounts of information in parallel, solving certain types of mathematical problems faster than conventional computers.

The history of quantum computing is noted in the HC3 briefing Quantum Cryptography and the Health Sector (July 2022) document. The HC3 document notes that in 1994, mathematician Peter Shor developed a quantum algorithm with the potential to decrypt RSA-encrypted communications; in 2013, D-Wave announced the world's first operational quantum computer; and in 2019, Google and NASA announced they had achieved quantum supremacy. However, it is worth noting that quantum computers are not general-purpose supercomputers. According to Ericsson Security Research, they are best understood as specialized machines capable of solving particular mathematical problems, not a replacement for the computers we use today.

Why does this matter for encryption?

The mathematical problems that make today's encryption secure are the kinds of problems that a powerful quantum computer could solve quickly. A quantum computer running Shor's Algorithm could theoretically break RSA encryption and similar systems in hours or even minutes, rather than thousands of years.

This does not mean encryption is not useful. Current quantum computers are not yet powerful enough to do this. In fact, Ericsson Security Research notes that a 2019 expert committee concluded that the emergence of a cryptographically capable quantum computer within the following decade would be highly unexpected. However, cybersecurity experts warn that within the next decade or two, the threat could become real. And adversaries may already be collecting encrypted data now, intending to decrypt it later once quantum computers are powerful enough. This is called a "harvest now, decrypt later" attack and Ericsson Security Research identifies it as the core motivation for seeking countermeasures today.

According to the HC3 document, 50 million Americans had their sensitive health data breached in 2021. Stolen health records can sell for as much as $1,000 each on the black market, and Stanford University estimates that medical data grows at approximately 48% per year, meaning that records created today could still be valuable, and vulnerable, years from now. This concern is emphasized by research published in the Asian Journal of Research in Computer Science, which found that as cloud adoption in healthcare rose from 30% in 2015 to 85% in 2024, hacking, ransomware, and phishing attacks remained high. Ultimately, reliance on cloud platforms expands the attack surface for cybercriminals.

What is quantum-resistant encryption?

Quantum-resistant encryption, also called post-quantum cryptography (PQC), refers to new encryption methods designed to withstand attacks from quantum computers. These methods do not rely on the same mathematical problems that quantum computers can easily solve.

The term "quantum-resistant" does not mean "quantum-proof." It means that the best available quantum algorithms are not known to break these methods efficiently. Ericsson Security Research points out that symmetric encryption methods are not really threatened by quantum computers, as breaking them would require an impractical amount of time and computing power, estimated at billions of years across numbers of machines. This means healthcare organizations using this encryption for stored data are better protected than those relying on public-key encryption for transmitting data.

Research published in the Asian Journal of Research in Computer Science evaluated how the leading post-quantum algorithms perform in practice. The findings indicate that two of the algorithms now standardized by NIST demonstrate balanced encryption and decryption performance while maintaining strong resistance to quantum-based attacks, making them well-suited to healthcare environments.

Who sets the standards?

In the United States, the National Institute of Standards and Technology (NIST) has been leading a global effort since 2016 to evaluate and standardize post-quantum cryptographic algorithms. After years of review involving researchers from around the world, NIST published its first set of finalized post-quantum cryptography standards in August 2024. These standards include:

• FIPS 203 - for key encapsulation mechanisms, used to securely exchange encryption keys between parties.
• FIPS 204 - for digital signatures, used to verify that data has not been tampered with and came from a trusted source.
• FIPS 205 - a second digital signature standard providing an alternative if one method is later found to be vulnerable.

These three standards are now the official benchmarks for quantum-resistant encryption in the United States government and, by extension, for industries that follow federal cybersecurity guidance which includes healthcare. Ericsson Security Research describes this standardization effort as the most important current development in the field, and notes there is broad consensus in the security community that NIST's post-quantum cryptography standards represent the best available path forward.

It is also worth noting that the HIPAA Security Rule already requires healthcare entities to implement safeguards, including encryption, that render electronic protected health information "unreadable, undecipherable or unusable" to unauthorized parties, as HC3's Quantum Cryptography and the Health Sector notes.

What about data in transit versus data at rest?

"Data in transit" refers to information being sent from one place to another, for example, a patient record transmitted from a hospital to a specialist's office. "Data at rest" refers to information stored in a database or on a server. Quantum-resistant encryption is relevant to both. The key exchange mechanisms protect data in transit, while digital signatures protect data at rest and in transit by verifying authenticity.

HC3's Quantum Cryptography and the Health Sector document offers a useful reminder of just how broad the healthcare encryption footprint is. Sensitive data at rest may reside in EHR and EMR systems, mobile and medical devices, cloud environments, email systems, servers, databases, backup systems, and vendor platforms. Data in transit spans telehealth and remote patient monitoring, telemedicine, hybrid workforces, cloud access, and medical professional collaboration tools. Any migration to quantum-resistant encryption will need to account for this full scope.

Read also: Why should ePHI be encrypted at rest and in transit?

What should healthcare organizations do?

HC3's Quantum Cryptography and the Health Sector document recommends that organizations begin by establishing a dedicated working group to evaluate their quantum posture, with representation from executive leadership, middle management in information technology, and senior technical professionals. The working group should clarify membership roles, set meeting frequency, and define milestones and goals. Questions to work through include; How much data does your organization hold, and at what sensitivity levels? Where is it stored, and how is that storage protected? How long does it need to be retained? And which aspects of your operations depend on cryptography, including authentication systems?

This internal assessment aligns with guidance from Ericsson Security Research and NIST, both of which advise organizations to map their cryptographic usage before planning a migration. For healthcare, this means examining email systems, electronic health record platforms, medical devices, telehealth tools, and any third-party vendors who handle patient data.

One practical interim step is to consider hybrid approaches, running both current and quantum-resistant encryption methods in parallel during the transition period. Ericsson Security Research notes that this strategy, already tested by major technology companies, offers meaningful additional protection without requiring a full system overhaul upfront.

Research from the Asian Journal of Research in Computer Science adds important context about what drives and blocks successful adoption. The study found that hospitals with higher levels of cybersecurity investment and staff training were more likely to implement quantum-resistant encryption, while institutions with limited budgets and technical expertise faced barriers. The data also showed that higher encryption adoption was associated with lower regulatory fines with average HIPAA and GDPR penalties falling from around $4.5 million in 2015 to around $1.25 million by 2024 as adoption improved.

Organizations should prioritize systems that handle data with long-term sensitivity such as genetic records, mental health records, and records of minors may still be relevant decades from now. And follow updates from NIST, the Department of Health and Human Services, and the Office for Civil Rights.

FAQs

Do small or rural healthcare organizations need to worry about this?

Yes, patient data has the same long-term sensitivity regardless of the size of the organization holding it, making every healthcare provider a potential target.

Does this affect medical devices and equipment?

Yes, any networked medical device that transmits or stores patient data relies on encryption and will eventually need to be assessed for quantum vulnerability.

Is this only a concern for large data breaches, or does it affect everyday transactions too?

Even routine data exchanges could be intercepted today and decrypted later.

Will my existing cybersecurity vendor handle this transition for me?

Not automatically, healthcare organizations should ask vendors about their post-quantum roadmaps.