The Quantum Clock Is Ticking - and Healthcare Is the Richest Target on the Board

There is a moment coming that the intelligence community has quietly named Q-Day, the day a quantum computer becomes powerful enough to break the encryption protecting virtually everything we do online. Financial transactions. Government communications. Military command and control.

And the single largest concentration of long-lived, high-value, irreplaceable data on the planet: healthcare.

I want to be precise about what "healthcare" means in this context, because most of the conversation about HIPAA and patient privacy badly understates the size of the target. Yes, it means the electronic Protected Health Information (ePHI) sitting in every hospital Electronic Health Records (EHR) platform, every payer's claims system, every clearinghouse. But the healthcare ecosystem is far larger than the records of individual patients. It is the genomic and clinical-trial datasets held by biotech and pharmaceutical companies. It is the proprietary firmware, design files, and algorithms inside medical devices, the intellectual property of the manufacturers who build them. It is the disease-surveillance, pathogen-sequencing, and population-health data held by the CDC, the WHO, the ECDC, and national health agencies around the world. Almost all of it is protected, today, by cryptographic standards that quantum computing will render obsolete.

Most security leaders are aware of Q-Day in the abstract. Very few are acting on it with the urgency it demands. And almost none are grappling with the concept I want to introduce in this series, one I believe is more immediately dangerous than Q-Day itself.

I call it C-Day.

C-Day is the capture day: the moment adversaries shift from opportunistic data theft to strategic, quantum-anticipatory collection. The deliberate, systematic harvest of encrypted data today, stored with patience, waiting for the quantum capability that will eventually decrypt it.

Here is the critical point, and it is sharper in healthcare than in any other sector: C-Day is not a future event. For sophisticated nation-state actors, C-Day has already happened. The breach is silent. The damage is invisible. And the detonator is set.

This is the first in a series of articles I'm writing on quantum computing for Healthcare and its implications for the security of the healthcare ecosystem over the next 25 years. My goal is straightforward: to provide a fact-based, analytically grounded perspective on how quantum will reshape the threat landscape for providers, payers, manufacturers, life-sciences research, and public health, with specific, dated projections I am willing to stand behind. Not hedged speculation. Not vendor positioning. A practitioner's forward-looking assessment, informed by decades in national security, cybersecurity operations, and executive leadership.

Let me start with the foundation.

What Quantum Computing Actually Is

Classical computers, every laptop, server, infusion pump controller, and PACS workstation on the planet, process information in binary: ones and zeros, on or off. Every calculation is a sequence of bits in one of two states. A classical bit has no states beyond that binary limit; it must be either a zero or a one.

Quantum computers operate in a fundamentally different area of physics by introducing the quantum bit, or q-bit. Each q-bit exists in a superposition of 0 and 1 simultaneously - and every point between the two. When observed - when the output is read - the q-bit resolves into one of two states, it becomes either 0 or 1.  By entangling q-bits (forcing them to influence each other), multiple q-bits can act as a single unit. Two binary bits can produce an outcome of 1 and 1, 1 and 0, 0 and 1, or 0 and 0 - separate and distinct values for each bit. Two entangled q-bits can produce the outcomes of 11, 10, 01, or 00 - intertwined outcomes of two bits each.  Four q-bits resolve to 16 possible states, and processing power scales exponentially with each additional q-bit. 

For most computational tasks we perform today, this distinction is academic. Quantum computers are not universally faster than classical machines, they are specifically advantaged for certain categories of problems. One of those categories happens to be the mathematical problems that underpin modern encryption. By applying quantum interference, the computer operator creates patterns in the entangled q-bits which amplify the right answer, while suppressing the wrong answers. When the system is finished with the equation, the right answer is provided by observing (measuring) the state of all the q-bits involved.  This process - from initiation through observation - occurs in minutes or hours for even the most complex mathematical equations we work with in cybersecurity today, where traditional binary computing could take months or years to produce an answer.  The incredible speed increase when performing mathematical equations is a function of how q-bits can operate in groups of entangled units, where binary systems must work with individual bits that cannot work together directly. We will expand on this throughout the series.

RSA encryption, the standard protecting the majority of internet communications, and a large share of the data exchanged between EHRs, health information exchanges, payers, and device manufacturers, derives its security from the computational difficulty of factoring very large numbers. A classical computer factoring a 2048-bit RSA key would require longer than the age of the universe. A sufficiently advanced quantum computer running an algorithm developed by mathematician Peter Shor in 1994 (already proven on smaller calculations) could accomplish it in hours. Possibly minutes at sufficient scale.

That is Q-Day.

Where We Are on the Timeline

The honest answer is that we do not know precisely when Q-Day arrives and anyone claiming certainty in either direction is not being straight with you.

What we know with confidence: IBM has deployed processors exceeding 1,000 qubits. Google has demonstrated quantum supremacy for specific computational tasks. IonQ is pursuing commercial quantum computing on a roadmap measured in years, not decades. China's national quantum program, including the Jiuzhang photonic quantum computer, represents a state-level investment that is not constrained by commercial timelines or shareholder expectations.

The standard industry projection puts the timeline for cryptographically relevant quantum capability (a machine capable of breaking RSA-2048 at operational scale) at somewhere between 7 and 15 years from now. That range comes from credible researchers and institutions. It is the reason NIST finalized its post-quantum cryptographic standards in 2024, and the reason the National Security Agency took it seriously enough to mandate migration timelines for national security systems under the Commercial National Security Algorithm (CNSA) 2.0.

But that 7–15 year estimate was derived largely without accounting for one variable that has changed dramatically in the past three years: artificial intelligence.

AI Is Compressing the Timeline

The hardest unsolved problems in quantum engineering are not theoretical. They are engineering problems, qubit error correction, logic gate fidelity, qubit stability at scale. These are precisely the categories where the application of AI and machine learning is demonstrating accelerating capability.

Google DeepMind's AlphaQubit model, published in 2024, achieved state-of-the-art quantum error correction through machine learning, outperforming the best human-designed algorithms. This is not an isolated result. AI is being applied across the quantum development stack: optimizing circuit design, accelerating materials discovery for more stable qubit architectures, and improving calibration systems that currently require significant manual engineering effort.

The compounding effect of AI-accelerated quantum development is not yet reflected in most public timeline projections. My assessment: the 7–15 year window is an optimistic estimate built on yesterday's assumptions. Organizations and analysts treating 2035 as a safe planning horizon are making a material error. The timeline is moving, and it is not moving in our favor. For healthcare, that miscalculation is compounded by something unique to this sector, the shelf life of the data.

Why Healthcare Is the Worst Possible Place to Lose This Bet

Every C-Day argument rests on one question: how long does the stolen data stay valuable? In most industries, the answer is "not very long." A captured password gets rotated. A stolen credit card gets cancelled or eventually expires. A leaked quarterly forecast is stale in ninety days. The harvest-now-decrypt-later doctrine only pays off if the data is still worth something when the quantum capability finally arrives.

Healthcare data can be stolen now, but stays relevant for a very long time.

Patient data does not expire. Your diagnoses, your mental-health history, your HIV status, your reproductive history, your substance-use treatment, these remain sensitive, exploitable, and coercive for the rest of your life. A nation-state that decrypts a hospital's archives in 2035 is not looking at stale data. It is looking at a permanent dossier on tens of millions of people, useful for blackmail, coercion, and the targeting of individuals in sensitive government, military, and corporate positions for decades. This is the problem already facing government agencies and personnel after threat actors stole data from the US Office of Personnel Management, but applied to the entire patient population of a country.

Genomic data is worse. A genome is not a credential you can reset. It is a permanent biological identifier,  and it implicates not just the patient but their blood relatives, including children not yet born and family members who never consented to anything. A genomic database harvested today and decrypted in fifteen years is a strategic asset with a multi-generational shelf life. There is no remediation, no rotation, no notification letter that makes the people in it whole. This type of data theft has already happened in the 23andMe data breach

Research and IP are the quiet jackpot. A pharmaceutical company's clinical-trial dataset represents a decade of work and, frequently, billions of dollars of investment. A medical-device manufacturer's firmware, design files, and proprietary algorithms are the company. An adversary that decrypts a competitor's harvested trial data, molecular structures, or device IP in 2035 does not steal a product, it leapfrogs ten years of R&D and the cost that came with it. The harvest is invisible today. The competitive and national-security consequences land a decade from now, when nobody is watching the original breach anymore.

And then there is public health. The CDC, the WHO, the ECDC, and national health ministries hold disease-surveillance data, pathogen-sequencing libraries, and population-health intelligence that is, frankly, national-security-grade. A nation-state systematically harvesting that data is not committing a privacy violation. It is building strategic biological and population intelligence – the kind that informs both defensive and offensive biosecurity posture. Most of this data sits entirely outside HIPAA's scope, governed by a patchwork of international agreements and agency policies that were never designed with a quantum adversary in mind.

Military and defense medicine is the layer this conversation almost always omits – and the one that should worry national-security leaders most. The DOD and aligned governments run extensive medical research, human-performance studies, biodefense and medical-countermeasure programs, and operational health systems, much of it classified, much of it encrypted, and much of it a standing collection target. The exposure runs in three directions. There is the intellectual property itself, an adversary that decrypts harvested countermeasures or biodefense research gains knowledge that can be turned back against civilian populations, not only against soldiers. There is the safety of the people that data describes, service members, study participants, and the public; all exposed when protective research becomes an adversary's playbook. And there is the consequence that is consistently underestimated: reputational and diplomatic harm. The historical record holds more than one experiment or testing program a nation would prefer stayed buried, and a quantum adversary sitting on decryptable archives holds the power to surface it on a timeline of its own choosing. For allied governments sharing data across borders, a single decryption event could rewrite a relationship.

This is why I argue C-Day matters more in healthcare than anywhere else. Everywhere else, the harvested data decays. Here, it appreciates.

C-Day: The Threat Already in Motion

The quantum threat is typically framed as a future event: something to prepare for before Q-Day arrives. That framing is dangerously incomplete, and it ignores the strategic behavior of the adversaries who have the most to gain from quantum capability.

Nation-state actors, particularly China's Ministry of State Security and affiliated advanced persistent threat groups, operate on planning horizons that make most corporate strategic plans look myopic. They do not need quantum capability today to benefit from it. They need collection infrastructure today, and patience.

The doctrine is known in practitioner circles as harvest-now-decrypt-later. I call the moment it becomes systematic and strategic "C-Day", the capture day. It is my original contribution to this framework, and I introduce it specifically because the existing terminology fails to communicate the strategic significance of the collection moment. Q-Day gets the attention. C-Day is where the actual damage happens and, in healthcare, it is already happening.

The evidence is not circumstantial. In 2015, the Anthem breach exfiltrated 78.8 million health-plan member records: names, dates of birth, Social Security numbers, medical IDs. The U.S. Department of Justice ultimately indicted China-based actors, and state investigators concluded a nation-state was responsible. Note what was not observed afterward: a corresponding wave of ordinary financial fraud. That is the tell. When a nation-state takes 78.8 million people’s identity information and it does not show up on identity theft marketplaces or other dark-web data troves, the collection was the objective – exactly the behavior C-Day describes. That data has a shelf life measured in decades, and we will not understand its full value, in the quantum context, for another ten years.

Then there is the supply chain. The 2024 Change Healthcare attack compromised the protected health information of roughly 190 million people, later revised upward to more than 192 million, over half of the entire US population, making it the largest healthcare data breach in history. The intrusion came through a single clearinghouse,  a UnitedHealth/Optum subsidiary whose systems touch roughly one in three U.S. patient records, reached through a remote-access portal that lacked multi-factor authentication. That is the healthcare equivalent of the SolarWinds supply-chain compromise: one upstream node, thousands of downstream covered entities and business associates, and a blast radius that no single hospital could have contained on its own. Whether or not Change was a C-Day operation, it is a proof of concept for one, a demonstration that healthcare's interconnected plumbing lets an adversary harvest a nation's worth of records from a single point.

Those are the known operations. The more significant threat is what I call C-Day Scenario 2: the persistent, low-and-slow collection operations that have never triggered a detection event, never surfaced in a forensic investigation, never appeared in a threat-intelligence feed. Silent collection at scale – inside a research university's biobank, a contract research organization's trial repository, a device manufacturer's engineering network, a public-health agency's surveillance systems. Adversaries slowly and methodically building a library of encrypted healthcare data that becomes a strategic asset on Q-Day.

The C-Day → Silent Window → Q-Day construct is the framework I will use throughout this series. It is not hypothetical. The Silent Window is active right now. The question for every healthcare security leader reading this is not whether Q-Day is coming. It is what was collected on C-Day and how much collection is still happening at this moment, across the patient, research, manufacturing, and public-health layers of this ecosystem.

The 25-Year Arc

This series will track quantum's impact on healthcare across a 25-year horizon, divided into five phases.

The Silent War (Now – 2028). C-Day operations active across multiple nation-state actors, targeting providers, payers, biobanks, life-sciences research, device IP, and public-health data alike. AI is compressing the quantum development timeline in ways not yet reflected in public consensus. Post-quantum cryptographic standards are available, but healthcare adoption is essentially nonexistent – most organizations are still working to make encryption-at-rest universal under the modernized HIPAA Security Rule, let alone quantum-resistant. The breach is ongoing; most organizations do not know it.

The Capability Threshold (2028 – 2033). First credible nation-state quantum capability sufficient for targeted attacks on high-value encrypted systems, and the highest-value encrypted systems include genomic databases, clinical-trial repositories, and pathogen-sequence libraries. Not public. Not commercial. But operationally real. Its existence will be inferred from behavior, not by announcement.

The Public Reckoning (2033 – 2038). Commercial quantum capability reaches the demonstration threshold. The C-Day collection operations of the 2020s become the regulatory enforcement cases, breach disclosures, and litigation of the 2030s. Consequential exposure of regulated patient data, proprietary research, and device IP could become routine. Some of the data will be dated and clinically useless, but still regulated, still protected, and still actionable for coercion. Regulatory frameworks scramble to catch up.

Quantum-Native Architecture (2038 – 2048). Security infrastructure across healthcare is redesigned from the ground up. Post-quantum cryptography becomes a baseline expectation for EHRs, HIEs, and, critically, for the medical devices that today ship with cryptographic implementations no one will be able to patch in the field. The quantum internet begins replacing classical secure communications for critical health infrastructure. AI-native, quantum-enhanced detection and response becomes the standard of care for the Security Operations Center (SOC).

The New Normal (2048+). Quantum capability commoditized. Classical encryption is legacy infrastructure. The healthcare threat landscape operates at a fundamentally higher order of complexity than today with the same dynamic of continuous offense-defense evolution, scaled beyond current imagination.

Each phase carries specific implications for security leaders, boards, manufacturers, researchers, and the patients all of them are ultimately responsible for protecting. I will address each in detail across this series.

The Projection

I want to be direct about something. This series will include specific, dated predictions — not hedged observations, not ranges designed to be unfalsifiable. Predictions I am willing to stand behind and be held accountable to over time. That is the only kind of projection that carries analytical value, the only kind worth publishing.

For this installment:

By 2027, the modernized HIPAA Security Rule, which moves encryption of ePHI from "addressable" to mandatory, at rest and in transit, will be in force, and OCR enforcement will make documented cryptographic posture table stakes. That floor will not yet require quantum-resistant cryptography, but it will force healthcare organizations to finally inventory where their data lives and how it is encrypted. The organizations that treat that inventory as a one-time compliance exercise, rather than the first step toward post-quantum migration, will be repeating the exact mistake that left the sector exposed in the first place.

By 2028, at least one nation-state actor – most likely China – will achieve state-classified quantum capability sufficient for targeted decryption of legacy-encrypted health, genomic, and research data. This will not be publicly disclosed. Its existence will be inferred from behavior: accelerated federal migration mandates, quiet pressure on CISA and HHS to harden the healthcare and public-health sectors, and the urgency with which agencies holding biosurveillance data begin treating post-quantum migration as a national-security imperative rather than an IT project.

By 2029, cyber-insurance underwriters will begin requiring documented post-quantum cryptographic posture as a condition of coverage for high-risk healthcare and life-sciences organizations, the same way they came to require MFA due to ransomware threats. Hospitals, payers, CROs, and device manufacturers without a documented migration program will feel it in their premiums before they feel it in a breach.

By 2032, the FDA's medical-device cybersecurity authority will extend explicitly to cryptographic agility,  manufacturers will be required to demonstrate that devices can be migrated to post-quantum algorithms over a service life that often exceeds fifteen years. The infusion pumps, imaging systems, and implantable devices being designed today will still be in clinical use on the far side of Q-Day. The ones that cannot be re-keyed in the field are tomorrow's unpatchable liability.

By 2045, classical public-key encryption will be effectively retired from healthcare critical infrastructure globally. The provider systems, research institutions, manufacturers, and public-health agencies that began post-quantum migration before 2030 will have done so on their own terms, with their own timelines, and at manageable cost. Those that waited will have done so under regulatory compulsion, or following a breach that made the decision for them.

The clock is running. C-Day, for much of the healthcare ecosystem, has already passed. The question now is what you do with the time remaining in the Silent Window.

In the next installment, I will go deep on C-Day in healthcare, its three scenarios, the adversaries actively operating the doctrine against providers, research, and public health, and why the most dangerous breach in your organization's history may be one you will never detect with classical security tools.

In future installments, we will address the elements of what can be done including stronger encryption use, data identification, segmentation, and future risk prioritization schemas.  The key is considering what damage today’s data will cause 3, 5, and 10 years into the future.

About the Author

Doug Howard is the CEO of Pondurance, an AI-powered managed detection and response firm providing MDR, digital forensics and incident response, and cyber advisory services to organizations across healthcare, life sciences, and other regulated sectors. He previously served in the U.S. Air Force and held roles at the Pentagon. He writes on cybersecurity, artificial intelligence, and emerging threats at the intersection of national security, healthcare, and enterprise risk.