Quantum Computing and Healthcare Cybersecurity: Why NHS Leaders Must Act Now

So what does quantum mean for the NHS? While advances in quantum computing promise revolutionary advances in everything from drug discovery to diagnostics, they also pose an unprecedented threat to the security of patient data. The time to act is now. Your data may already be compromised - you just won’t know it yet.

With the UK government’s investment of £670 million in quantum computing, NHS leaders must understand both the opportunities and urgent risks this technology presents. This blog shares highlights from a recent webinar in partnership with GovNews and IBM building on the whitepaper  on quantum readiness in the NHS.

Hosted by GovNews, the webinar featured insights from expert panellists including, Nasser Arif, Cyber Security Manager at London Northwest Healthcare NHS Trust and the Hillingdon Hospitals NHS FT, Zygmunt Łoziński, Quantum Safe Network Specialist at IBM Research, and Matt Griffin, Director of Celerity. In this blog, you’ll deepen your understanding of the risk so you can take action to secure NHS patient data.

 Get your copy of the full whitepaper here.

Quantum computers multiply the power and possibilities of the most advanced computers today. Advances in this technology offer transformative possibilities in healthcare. Communicating the positive impact of quantum will help build support and momentum. As Nasser Arif, NHS Cyber Security Manager, emphasised: ‘There’s a piece of work to be done to raise the benefits of quantum and what that might look like in the future.’

The panellists discussed examples of the possibilities in healthcare. Zygmunt Łoziński at IBM described how The University of Nottingham has developed quantum sensors resembling bicycle helmets that can detect the onset of epilepsy in children. The UK's quantum strategy envisions that the NHS will use quantum sensors for medical diagnosis in the near future.

As well as offering early diagnosis, the technology promises to accelerate research breakthroughs. Quantum computers may unlock new drug discovery pathways by modelling chemical reactions with unprecedented precision. While advances in quantum bring opportunities for the NHS, leaders also need to be aware of the risks.

The most pressing concern for NHS trusts is the ‘Harvest now, decrypt later’ threat. Bad actors are already stealing encrypted data, betting that quantum computers will be able to decrypt it in the not so distant future. As Zygmunt Łoziński explained, ‘The risk is that people will steal really important clinical data about patients. And there’s evidence that some people are doing that today.’

This isn't a distant theoretical risk. Healthcare data remains valuable for decades. Japan mandates patient data security for 100 years, recognising its enduring sensitivity. Patient records, clinical trial data, and genomic information collected today could be exposed when quantum computers become powerful enough to break current encryption methods. 

The direction of travel is clear. NHS organisations must start their journey now to bolster quantum readiness. The National Cyber Security Centre has published clear guidance. High-risk systems should migrate to post-quantum cryptography by 2030, with complete migration by 2035. The European Union issued similar timelines, creating a global consensus on quantum readiness.

For NHS trusts, this means the planning must begin immediately. While the timescales may at first glance seem distant, significant work is required to protect patient data. The prevalence of complex legacy systems presents challenges. As Matt Griffin from Celerity, said, ‘You've got a spider's web of middleware and fixes that keep things working together.’ Taking stock of your infrastructure now can help you avoid being caught out.

So what steps can NHS leaders take to protect patient data? Creating a quantum-ready security posture requires a systematic approach:

1. Leadership and Ownership: Identify a senior leader to champion quantum readiness. This person should build a small, dedicated team combining security expertise with deep knowledge of your IT infrastructure.
2. Assessment and Discovery: Document your current cryptographic landscape. Understand where encryption is used, what type of algorithms protect your data, and which systems handle the most sensitive information.
3. Prioritisation: Focus first on systems handling long-lived sensitive data: patient records, genomic data, clinical trial information, and research databases. These represent your highest risk areas.
4. Vendor Engagement: Work with your technology suppliers to understand their quantum-safe roadmaps. Many vendors are already implementing post-quantum cryptography. Apple upgraded iMessage's security a year ago to make it quantum-safe.

'It's important among cyber professionals that we start to educate ourselves about quantum risks and that we don’t get distracted by firefighting,' Nasser Arif said. 'Even a little bit of time just to focus on those quantum risks – you'd be surprised by the ideas that pop into your head.'

NHS leaders cannot afford to wait. The ‘Harvest now, decrypt later’ strategy represents a threat now, even if quantum computers capable of breaking encryption remain years away.

To secure their data, NHS leaders need to:

• Establish quantum risk on their governance frameworks.
• Invest in staff education and awareness.
• Start mapping their cryptographic dependencies.
• Plan for a phased migration approach.
• Begin conversations with technology partners about quantum-safe solutions.

Matt Griffin urged leaders to avoid the ostrich approach of putting their heads in the sand. Being honest about current security postures is the first step to accelerating collective progress.

Quantum computing represents both the NHS's greatest opportunity and one of its most significant data security challenges. The technology that could revolutionise drug discovery and diagnostic capabilities also threatens to expose decades of patient data if trusts don't act now.

The path forward requires immediate action. Leaders must take stock of their cryptographic landscape, educate teams, engage vendors, and build migration plans. With clear government guidance and a 2030 target for critical systems, the time for action is now.

Our whitepaper created in partnership with GovNews and IBM offers a deep dive into the opportunities and risks of quantum in the NHS. Get your copy now to get ahead of the curve and protect patient data.

Get your full copy of the whitepaper now.