The Lock on Your Patients' Data May Already Be Broken! You Just Don't Know It Yet
By Shelby Kobes, Sr. Director of Community Health, Abacus Healthcare
Imagine a master thief who knows he’ll be able to crack your bank vault in 10 years, but not today. Rather than wait, he steals the entire vault now and sits on it until the key is ready. That’s exactly what’s happening to healthcare data right now. And Community Health organizations are squarely in the crosshairs.
The Quantum Threat, Explained Simply
Today’s computers process information in 1s and 0s. Quantum computers work with quantum bits (qubits) that can represent both at once, making them exponentially more powerful for specific tasks, including breaking the encryption that protects your patients’ records, billing data, and health histories.
Here’s the somewhat reassuring news: quantum computers capable of breaking today’s encryption standards do not yet exist at scale.
Here’s the urgent news: cybercriminals aren’t waiting. Bad actors are already stealing encrypted data today with the expectation that future quantum computers will eventually unlock it. Security experts call this strategy “Harvest Now, Decrypt Later.” In other words, data stolen today could become fully readable tomorrow.
Why Community Health Organizations Face Outsized Risk
Community Health organizations serve some of the most vulnerable communities in the country. Your patients trust you with mental health records, HIV status, immigration-sensitive information, and substance-use histories. A single breach doesn’t just violate HIPAA; it can destroy trust, harm lives, and threaten the funding your organization depends on.
At the same time, many community health organizations operate with limited IT budgets and aging infrastructure, making them attractive targets and less equipped to respond quickly to emerging threats.
This is no longer a theoretical concern. In 2024, the National Institute of Standards and Technology (NIST) finalized new post-quantum cryptography standards because the threat is both real and approaching faster than many organizations realize.
5 Steps to Start Preparing Now
- Conduct a Quantum Risk Assessment. Inventory every system that stores or transmits patient data, such as electronic health record (EHR) systems, billing platforms, telehealth tools, and connected devices. Your annual Security Risk Assessment (SRA) should also evaluate current encryption standards and long-term exposure risks.
- Ask Your Vendors One Question: “Are you planning for post-quantum encryption?” If your EHR or cloud provider can’t answer, that’s a red flag. Ensure your Business Associate Agreement (BAA) includes language that protects your organization as standards evolve.
- Start the Budget Conversation Now. Transitioning to quantum-safe encryption will require time, planning, and investment. Organizations that begin planning now will be far better positioned than those forced to react after a regulatory mandate or security event.
- Train Your Team. A security-aware culture is your first line of defense, quantum or otherwise. Ensure staff understand phishing, data handling, and why patient privacy is a mission-critical responsibility, not just a compliance checkbox.
- Migrate Toward a Hybrid or Full Cloud Environment. Hybrid and cloud-based infrastructures are better positioned to adopt updated encryption standards as NIST’s post-quantum algorithms (like ML-KEM and ML-DSA) become the new baseline.
As technology advances, the way we protect sensitive healthcare data must advance as well. Organizations don’t need to be experts in quantum physics to understand that cybersecurity strategies must continually improve and evolve to keep pace with emerging threats. Community Health organizations have always led with mission. Protecting your patients’ most sensitive information, especially for communities that have every reason to distrust systems, is part of that mission.
The threat is real. The timeline is uncertain. The time to act is now.
Is your organization starting to think about quantum readiness? Visit https://abacustechnology.com/ to start the conversation.
