Workshops Healthcare HNDL Patient Data
Healthcare Half Day Workshop

Harvest-Now-Decrypt-Later Threats to Patient and Genomic Data

This workshop examines Harvest-Now-Decrypt-Later threats to long-retained patient and genomic data, for healthcare professionals and data stewards.

Half day (4 hours)
In person or online
Commission This Workshop View Agenda

Proud to recommend our expert members

Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside
Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside

Workshop Description

Patient health records are retained for decades. GP records in England are kept for 10 years after death. Mental health records, 20 years after last contact. Paediatric records, until the patient turns 25. Genomic data, indefinitely. And genomic data is categorically different from other health data on one dimension: it cannot be anonymised. A DNA sequence is the unique identifier of the individual. NHS Genomics England's National Genomic Research Library holds over 110,000 clinically linked whole genomes. 23andMe's 2023 breach exposed 6.9 million individuals' genetic data. An adversary who harvests encrypted genomic sequences today and decrypts them in 2035 has not compromised historical records. They have compromised individuals who will still be alive, will still have living relatives, and whose genetic information will still be relevant to insurance, employment, and law enforcement.

This workshop helps information governance and security teams map their data retention obligations against cryptographic exposure windows, with a dedicated module on genomic data as a permanently non-anonymisable data class. The session covers GDPR Article 9 special category data obligations as they intersect with quantum cryptographic risk, GDPR Article 32 and Recital 83 (state of the art in security), NIS2 cryptographic requirements for essential entities, the NHS DSPT trajectory, and how to communicate quantum data risk to hospital boards and Caldicott Guardians. Participants leave with a remediation priority matrix that ranks datasets by sensitivity, retention period, permanent identifiability, and current encryption strength.

What participants cover

  • HNDL attack model: timeline estimates from NCSC, ANSSI, BSI, and NIST for cryptographically relevant quantum computers
  • Genomic data as a permanently identifiable data class: why standard anonymisation does not apply and what this means for HNDL risk
  • NHS records retention schedule mapped to cryptographic exposure: which data categories face the longest risk window
  • GDPR Article 9 special category data and Article 32 "state of the art": when does failure to adopt PQC become a compliance breach
  • NIS2 essential entity obligations and the June 2025 ENISA implementing guideline recommending quantum-resistant algorithms
  • Board communication: presenting quantum data risk to non-technical governance committees and Caldicott Guardians

Preliminary Agenda

Half-day session structure with a scheduled break. Content is configurable to your organisation's data classification requirements and governance structure.

# Session Topics
1 HNDL in Practice Evidence of state-level data harvesting campaigns against healthcare
2 Data Retention Mapping Exercise Your records, your exposure windows
  • NHS retention schedule analysis
  • Exposure window calculation methodology
  • Priority ranking by data sensitivity and retention period
Break, after 45 min
3 Genomic Data: Permanent Identifiability NHS Genomics England and the 23andMe precedent
  • Why DNA sequences cannot be anonymised
  • 110,000+ clinically linked whole genomes at risk
  • Insurance, employment, and law enforcement implications
4 Regulatory Landscape GDPR Articles 9 and 32, NIS2, ENISA June 2025 guideline, NHS DSPT
  • GDPR Article 9 special category data obligations
  • Article 32 state of the art and Recital 83
  • NIS2 essential entity requirements for cryptographic protection
  • ENISA June 2025 implementing guideline
5 Remediation Priority Matrix and Board Briefing Building the case for information governance committees
  • Dataset ranking: sensitivity, retention, identifiability, encryption strength
  • Caldicott Guardian communication framework
  • Board briefing simulation exercise
6 Q&A and Action Planning

Designed and Delivered By

Workshops are designed and delivered by QSECDEF in collaboration with sector specialists. All facilitators have direct experience in both quantum technologies and healthcare systems.

QD

Quantum Security Defence

Workshop design and delivery

QSECDEF brings world-leading expertise in post-quantum cryptography, quantum computing strategy, and defence-grade security assessment. Our advisory membership spans 600+ organisations and 1,200+ professionals working at the intersection of quantum technologies and critical infrastructure security.

HC

Healthcare Sector Partners

Domain expertise and clinical validation

Healthcare-specific workshops are co-delivered with sector specialists who bring direct operational experience in NHS trusts, private hospital groups, pharmaceutical R&D, and medical device manufacturing. This ensures workshop content is grounded in regulatory, clinical, and operational realities.

Commission This Workshop

Sessions are configured around your organisation's data classification requirements and governance structure. Get in touch to discuss requirements and schedule a date.

Contact Us
Healthcare Workshops All Consulting Services All Workshops