Build in crypto-agility and plan your PQC transition now to future-proof for compliance and patient safety.
By Naomi Schwartz and Axel Wirth, Medcrypt
Quantum computing technology could one day soon crack modern medical device encryption. (Pictured is IBM Quantum scientist Maika Takita at IBM’s research HQ, the Thomas J. Watson Research Center) [Photo courtesy of IBM
The race to protect medical data and connected devices from quantum-enabled threats is on, but are device manufacturers ready or even aware?
Quantum computing may sound theoretical, but the implications are very real and fast-approaching, and medical device manufacturers need to start taking action. This piece outlines what PQC is, where regulatory and standards bodies are heading, and why crypto-agility must be part of device design today.
Today’s cryptography is considered secure because it would take a very long time for traditional binary computers to solve the complex mathematical equations used to encrypt information. Unfortunately, the processing power of nascent quantum computers will perform these operations much faster to break current cryptography.
Practical quantum computers are only a few years (at best a decade) away from being able to do just that. Therefore, any developer of devices or software needs to consider the imminent risks and plan a path to quantum-secure cryptography.
For example, NIST will deprecate the use of traditional algorithms like RSA and ECC by 2030 and expects to migrate legacy algorithms by 2035. Similarly, the European Union has stated that high-risk use cases must be fully migrated to PQC by the end of 2030 and the transition for medium- and low-risk systems should be completed by 2035.
Especially in the device industry with its strong regulatory oversight, long development cycles, and long product life, the transition to quantum-resistant post-quantum cryptography (PQC) must start now. This means devices developed today should be PQC-ready by implementing approved post-quantum algorithms or by providing crypto-agility and allowing for future upgrades.
However, not all risks are created equal. The above concerns are mainly applicable to asymmetric crypto schemes where more computing power will make it easier to break them. Symmetric algorithms are inherently more secure but come with the burden of having to secure the symmetric keys and still would require a brute force approach to breaking them.
PQC guidances
Naomi Schwartz is the VP of services at Medcrypt and a former FDA reviewer. [Photo courtesy of Medcrypt]
Scientific and regulatory agencies across the globe have provided specific guidance on timelines (as discussed above) and recommendations on how to manage the transition to quantum-safe algorithms. NIST has provided a wealth of information as well as specific recommendations for quantum-safe algorithms.
The European Union Agency for Cybersecurity (ENISA) is taking a different approach. Although the agency has provided a review of various families of PQC algorithms, they have not yet made any specific recommendation. They’re focused more on strategies and recommendations for transitioning to PQC, such as the use of hybrid cryptography and crypto-agility.
For regulated medical devices, the FDA does not call out a specific approach to PQC or require specific algorithms. Recognizing the longevity of medical devices, the latest June 2025 premarket cybersecurity guidance calls for industry-standard cryptographic algorithms and protocols, as well as the use of current (but evolving) NIST-recommended standards for cryptography.
Scope and impact of PCQ changes
PQC will have an impact everywhere cryptography is used as a security control. This includes the protection of confidentiality and integrity of medical device data, plus security functions such as secure boot, code signing, including secure updates, and authentication.
Beyond the technical security functions, device manufacturers need to prepare regulatory documentation on how cryptographic functions will be applied and maintained over the product lifecycle. This will include the selection of the right algorithm, respective key strength, and supporting infrastructure to generate, provision, protect, and maintain secret key material.
In cases where PQC algorithms can not be implemented today, there should be a defined pathway to a future PQC upgrade. That means in addition to managing key lifecycles, engineers also need to implement ways to manage algorithm lifecycles.
PQC challenges
Medcrypt Chief Security Strategist Axel Wirth [Photo courtesy of Medcrypt]
Given the complexity of manufacturer product portfolios — both released products and those in development — it is recommended that manufacturers establish an inventory of crypto algorithms used. A cryptography bill of materials (CBOM) is a useful tool for this. Once an overview has been established, the relative risks can be determined and a path forward can be defined.
Long development cycles and long product life are a unique device industry challenge and lead to a sense of urgency to start the post-quantum transition. Those 2030 and 2035 deadlines are approaching fast and will impact products under development today.
A specific area of concern is resource-constrained medical devices that may lack memory, computational resources, and battery power to support PQC today. The lack of hardware accelerators only compounds this problem. Again, this leads to the conclusion that planning for PQC has to start sooner rather than later.
Lastly, we also need to be aware that hospitals are complex systems of systems and that laggards will hold up the piecewise transition to quantum-safe devices. This challenge will require planning across the larger industry and will impact regulators, manufacturers, operators and standards bodies alike.
Medical devices under development will likely take a few years to be introduced to the market and will be in clinical use for at least a decade, well past when PQC will be required. Building in crypto-agility and planning your PQC transition now is future-proofing both compliance and patient safety.
Naomi Schwartz, VP of regulatory strategy at Medcrypt, is a former FDA premarket reviewer and consumer safety officer. Schwartz approved the cybersecurity and software for the world’s first regulated automated insulin dosing (AID) system and was the FDA’s liaison on cybersecurity standards for diabetes and EMC standards for IVDs.
Axel Wirth is chief security strategist at Medcrypt and an advocate for compliance, privacy, security and patient safety.
Read more MDO Contributions and learn how to submit your own
The opinions expressed in this blog post are the author’s only and do not necessarily reflect those of Medical Design & Outsourcing or its employees.
