Workshops Healthcare Medical Device Security
Healthcare Half Day Workshop

Quantum Security for Connected Medical Devices and IoMT

This workshop equips healthcare technology teams with practical strategies to secure connected medical devices against emerging quantum threats.

Half day (4 hours)
In person or online
Commission This Workshop View Agenda

Proud to recommend our expert members

Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside
Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside

Workshop Description

A hospital trust operating a modern estate has several thousand connected devices. Infusion pumps, ventilators, pacemakers, insulin delivery systems, imaging equipment, wearable monitors. Every device that communicates over a network uses cryptography. Most of that cryptography is RSA or ECC, implemented in firmware that was written years ago and certified against a specific algorithm suite that cannot be changed without regulatory re-approval. That is not a future problem. It is a current liability, because adversaries are harvesting device communications traffic now with the intention of decrypting it once quantum capability arrives.

The FDA made cryptographic agility a premarket submission requirement in its June 2025 final guidance, the third iteration of its medical device cybersecurity framework. Under FD&C Act Section 524B, FDA now has authority to refuse device submissions lacking cryptographic resilience planning. For NHS trusts and private hospital groups managing existing device fleets, the question is sequencing: which devices present the highest quantum cryptographic risk, and how do you build a remediation programme that does not disrupt clinical operations? This workshop provides the risk triage framework, covers the regulatory requirements across US, UK, and EU jurisdictions (including the post-Brexit divergence between MHRA and EU MDR/IVDR), and works through the practical constraints of deploying lightweight PQC algorithms on resource-limited embedded systems.

What participants cover

  • FDA June 2025 final guidance and FD&C Act Section 524B: premarket submission requirements for cryptographic agility
  • Cryptographic exposure analysis by device class: infusion pumps, ventilators, DICOM/PACS imaging, wearable RPM
  • Resource-constrained PQC: CRYSTALS-Kyber and SPHINCS+ on ARM Cortex-M embedded systems with limited flash
  • IEC 62443-4-2 security capability requirements applied to medical device quantum risk classification
  • MHRA and EU MDR/IVDR divergence: navigating post-Brexit regulatory expectations for cryptographic device updates
  • Fleet triage framework: prioritising devices by cryptographic exposure, update capability, and remaining clinical life

Preliminary Agenda

Half-day session structure with a scheduled break. Content is configurable to your team's technical level and device estate composition.

# Session Topics
1 The Quantum Threat to Medical Devices What makes IoMT different from enterprise IT
2 Device Fleet Risk Assessment Exercise Categorising your estate
  • Device classification by cryptographic exposure level
  • Network communication protocol analysis
  • Firmware update capability assessment
Break, after 45 min
3 FDA June 2025 Guidance and FD&C Act 524B What has changed and what it means
  • Premarket submission requirements for cryptographic agility
  • Post-market surveillance obligations
  • Manufacturer versus operator responsibilities
4 PQC on Constrained Hardware What runs on medical device firmware
  • CRYSTALS-Kyber key encapsulation on ARM Cortex-M
  • SPHINCS+ signature verification performance
  • Memory and power constraints for battery-operated devices
5 DICOM and PACS Quantum cryptographic exposure in radiology and imaging infrastructure
  • DICOM protocol cryptographic dependencies
  • PACS storage and transmission vulnerabilities
  • Cross-site imaging data sharing risks
6 Fleet Remediation Roadmap Building a phased device migration plan
  • Priority sequencing by clinical risk
  • Vendor engagement and procurement language
  • Budget and timeline modelling
7 Q&A and Next Steps

Designed and Delivered By

Workshops are designed and delivered by QSECDEF in collaboration with sector specialists. All facilitators have direct experience in both quantum technologies and healthcare systems.

QD

Quantum Security Defence

Workshop design and delivery

QSECDEF brings world-leading expertise in post-quantum cryptography, quantum computing strategy, and defence-grade security assessment. Our advisory membership spans 600+ organisations and 1,200+ professionals working at the intersection of quantum technologies and critical infrastructure security.

HC

Healthcare Sector Partners

Domain expertise and clinical validation

Healthcare-specific workshops are co-delivered with sector specialists who bring direct operational experience in NHS trusts, private hospital groups, pharmaceutical R&D, and medical device manufacturing. This ensures workshop content is grounded in regulatory, clinical, and operational realities.

Commission This Workshop

Sessions are configured around your team's technical level, device estate composition, and regulatory jurisdiction. Get in touch to discuss requirements and schedule a date.

Contact Us
Healthcare Workshops All Consulting Services All Workshops