Why Your Medical Imaging Infrastructure Is Already Being Harvested for Future Decryption

TLDR: Quantum computing poses a critical threat to long-lived data through "harvest now, decrypt later" attacks, where intercepted traffic is stored for future decryption. This research demonstrates how to secure the DICOM protocol using post-quantum cryptography (PQC) and emphasizes the need for a Cryptographic Bill of Materials (CBOM) to identify vulnerable dependencies. Pentesters should prioritize auditing long-term data storage and legacy cryptographic implementations in healthcare environments.

Healthcare data has a shelf life that far exceeds the security guarantees of current encryption standards. While we focus on immediate threats like ransomware or credential stuffing, the "harvest now, decrypt later" strategy is already in play. Adversaries are capturing encrypted traffic today, betting that they can decrypt it once a cryptographically relevant quantum computer (CRQC) becomes available. For medical records, which remain sensitive for decades, this is not a theoretical risk; it is a ticking time bomb.

The Mechanics of the Threat

The vulnerability lies in our reliance on asymmetric key exchange algorithms like RSA and Elliptic Curve Cryptography (ECC). These are the bedrock of TLS connections used to secure medical imaging data transmitted via the DICOM protocol. Quantum computers, using Shor’s algorithm, will eventually render these algorithms trivial to break.

The research presented at DEF CON 2025 highlights that while symmetric algorithms like AES are relatively resistant to quantum attacks—requiring only a doubling of key size—the asymmetric handshakes are the weak link. If an attacker intercepts a DICOM communication today, they don't need to break it now. They simply store the ciphertext. In 20 or 30 years, when quantum hardware matures, that data will be exposed.

Implementing PQC in DICOM

Securing these communications requires transitioning to post-quantum algorithms. The proof-of-concept demonstrated in the talk involved wrapping DICOM traffic in a TLS tunnel that utilizes PQC-ready handshakes. By integrating the oqs-provider and liboqs into the OpenSSL stack, the researcher successfully negotiated a quantum-safe key exchange for DICOM traffic.

The implementation required modifying the DCMTK library, which handles DICOM communications. Because DCMTK expects standard OpenSSL behavior, it initially failed to handle the larger key sizes associated with PQC algorithms. The fix involved identifying the specific points in the code where the handshake occurs and ensuring the provider was correctly initialized.

// Example of initializing the OQS provider in the application
OSSL_PROVIDER_load(NULL, "oqs");
SSL_CTX_set_groups_list(ctx, "kyber768");

This approach is a hybrid one. It maintains compatibility with existing infrastructure while layering in quantum resistance. It is a pragmatic step for environments where a full rip-and-replace of medical devices is impossible.

The Role of the Cryptographic Bill of Materials

Knowing that you need PQC is easy; knowing where to put it is hard. Most healthcare vendors have no idea which cryptographic algorithms are being invoked across their massive, distributed codebases. This is where the CBOM becomes essential.

A CBOM is essentially a software bill of materials focused on cryptography. It lists every library, algorithm, and key size used in your application. Without this, you are flying blind. The research introduced CBOMkit, a tool designed to automate the generation of these manifests. By scanning source code and third-party dependencies, it identifies where vulnerable crypto is being used.

For a pentester, this is a goldmine. If you are assessing a healthcare application, don't just look for SQL injection or broken access control. Look for the crypto. Use tools to map out the dependencies and identify where legacy algorithms are hardcoded. If you find an application using RSA-1024 or outdated ECC curves for long-term data storage, you have found a significant finding that directly impacts the long-term confidentiality of patient data.

Defensive Strategies

Defenders must move beyond simple compliance checklists. The first step is visibility. You cannot secure what you cannot see. Implementing automated scanning in your CI/CD pipeline—using tools like SonarQube with custom plugins—allows you to catch insecure cryptographic implementations before they reach production.

Furthermore, prioritize the migration of systems that handle data with the longest shelf life. Medical imaging devices, which often remain in service for 20+ years, should be at the top of the list. If you are a developer, start experimenting with the Open Quantum Safe project. It provides the necessary primitives to start building quantum-resistant applications today.

The transition to post-quantum cryptography is not a project that can be finished in a quarter. It is a multi-year effort that requires a fundamental shift in how we view data longevity. Start by auditing your dependencies, generating your CBOM, and identifying the high-risk areas where quantum-safe handshakes can be introduced. The attackers are already harvesting; it is time to start protecting.