New guidance paves the way for organizations’ migration to post-quantum cryptography

Aug 23, 2023 - 04:01 PM
Cybersecurity Lock on Gold Wall

A new resource from the Cybersecurity and Infrastructure Security Agency, National Security Agency and the National Institute of Standards and Technology is helping hospitals and other critical infrastructure organizations get up to speed on the impacts of quantum capabilities in cybersecurity and assist their early planning for migration to post-quantum cryptographic standards. Hospitals are encouraged to use the resource to develop a quantum-readiness roadmap that accounts for existing cryptographic inventories, vendor relationships and capabilities, and supply chain considerations. Such preparations are recommended to enable quick adoption of forthcoming post-quantum cryptographic standards that can help protect against future, potentially adversarial, quantum computer capabilities with the potential to break public-key systems that are currently used to protect information systems. 
 
“It is anticipated that the first quantum computers will come online within this decade, rendering many of our current encryption standards immediately ineffective,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “As the guidance states, the transition to post-quantum cryptography standards will be a multi-year and complex journey which we must embark upon now. And it’s a journey we cannot travel alone; we must partner with our technology providers to identify the quantum vulnerable cryptography algorithms upon which we rely. It has been reported that some of our cyber adversaries, in anticipation of being able to break the encryption in the future with quantum computers, have already begun ‘harvesting’ encrypted data that may have enduring national security and economic value. In sum, we are in a cryptography arms race with foreign spies and criminals who, with access to quantum computers, could pose a serious threat to the security and integrity of our data and networks. Prioritization for the transition to post-quantum cryptography should be given to those systems which are most relevant to patient care and the protection of patient data and medical research.”  
  
For more information on this or other cyber and risk issues contact Riggi at jriggi@aha.org. For the latest cyber and risk intelligence and resources visit www.aha.org/cybersecurity

Related News Articles

Headline
AHA blog: 2025 Cybersecurity Year in Review, Part One — Breaches and Defensive Measures
In part one of a new blog, John Riggi, AHA national advisor for cybersecurity and risk, and Scott Gee, AHA deputy national advisor for cybersecurity and risk,…
Perspective
Protecting Patients and Hospitals from Cyberattacks
Public
This week, the FBI issued an urgent warning to all users — including hospitals — of a critical security soft spot within Oracle’s E-Business Suite, stating “…
Headline
HSCC launches toolkit to strengthen essential health care services and prevent cyberattacks
The Health Sector Coordinating Council Oct. 7 released its Sector Mapping and Risk Toolkit, created to help health care providers and other organizations…
AHA Cyber Intel
2025 Cybersecurity Year in Review, Part One: Breaches and Defensive Measures
As of Oct. 3, 2025, 364 hacking incidents had been reported to the U.S. Department of Health and Human Services Office for Civil Rights, affecting over 33…
Headline
Urgent action recommended on critical Oracle vulnerability
The AHA Oct. 6 released a Cybersecurity Advisory urging immediate action against a critical Oracle E-Business Suite vulnerability that is remotely exploitable…
Headline
AHA launches revamped Cybersecurity and Risk Advisory webpage
The AHA has launched an enhanced Cybersecurity and Risk webpage designed to help health care organizations strengthen their defenses against emerging cyber and…