This week, Fortune profiled Kyle Hanslovan, the CEO of Huntress, a cybersecurity firm now valued at $3 billion. His origin story reads like something from a different era: a kid pirating video games in AOL chat rooms, recruited by the U.S. Air Force at 17, trained in offensive cyber operations, and eventually deployed on missions tied to the NSA. He slept in his car during the early days of building Huntress because venture capital wouldn't return his calls.

What caught our attention wasn't the rags-to-riches arc. It was the problem he identified that made Huntress necessary in the first place: the threat landscape had evolved, but the infrastructure protecting most organizations hadn't. Hackers were no longer just targeting Fortune 500 companies. They were going after hospitals, small businesses, and critical infrastructure, the organizations that larger security firms had overlooked.

That observation was correct in 2015. It is exponentially more urgent in 2026.

The Threat Landscape Has Evolved Again

The FBI confirmed this month that healthcare was the number one sector targeted by ransomware and cyberthreats in 2025, with 460 ransomware attacks and 182 data breaches totaling 642 cyber events. The average cost of a healthcare data breach reached $9.7 million per incident, according to IBM.

The case studies from the past twelve months alone tell the story of systemic failure. The Change Healthcare attack in 2024 compromised 193 million individuals and triggered a $22 million ransom payment, with 94% of hospitals reporting direct financial impact. UnitedHealth Group disbursed over $2 billion to affected providers. Congress described the breach as tantamount to targeting the healthcare system in its entirety.

In 2025, McLaren Health Care suffered its second ransomware attack in a single year, compromising 743,000 records. Yale New Haven Health System reported 5.5 million patients affected by a March hack. DaVita's systems were accessed by the Interlock ransomware group for nearly three weeks.

And in April 2026 alone, this month, Signature Healthcare's Brockton Hospital was forced to divert ambulances and cancel chemotherapy treatments after a ransomware attack took its systems offline. CareCloud, an EHR platform serving 45,000 medical providers, confirmed an eight-hour breach of one of its environments. ACN Healthcare was hit by the Lynx ransomware group. The Hong Kong Hospital Authority disclosed an insider threat affecting 56,000 patients.

Four breaches. Four different attack vectors. One month.

These aren't isolated incidents. They are symptoms of an architectural problem: healthcare's cryptographic and security infrastructure was built for a threat landscape that no longer exists.

The Problem Hanslovan Solved, and the One That's Coming

Hanslovan recognized that small and midsize organizations needed security infrastructure that the market wasn't providing. He built Huntress to fill that gap, and the market validated it with a $3 billion valuation.

But the gap that's opening now is different in kind, not just in scale.

Every one of the breaches described above involved data that will retain its value for decades: patient records, genomic data, Social Security numbers, insurance histories. That data is now sitting in the attacker archives. And the encryption that was supposed to protect it; RSA, elliptic curve, Diffie-Hellman, is approaching the end of its effective lifespan.

Google Quantum AI and Oratomic published independent studies in March suggesting quantum computers capable of breaking today's encryption could arrive before the end of this decade. Forrester's March 2026 report concluded that fault-tolerant quantum computing is now plausible by 2030. The Global Risk Institute places the probability of a cryptographically relevant quantum computer emerging within ten years at 28 to 49 percent.

This means the data stolen in the Change Healthcare breach, the McLaren attacks, the Yale New Haven hack, and every other healthcare breach of the last several years isn't just a current liability. It's a future one. When quantum decryption becomes feasible, every record captured under today's encryption becomes readable.

The harvest-now-decrypt-later threat model means the breach already happened. The decryption just hasn't arrived yet.

Where QVH Fits

Huntress proved that a massive, underserved market existed for organizations that needed security infrastructure but weren't being reached by legacy providers. That insight built a $3 billion company.

We believe the same structural gap exists now but the problem has shifted from endpoint detection to cryptographic infrastructure. And it cuts across every sector that handles long-lived, mission-critical data.

In healthcare, the CareCloud breach exposed a failure that exists across the entire EHR ecosystem: third-party platforms connecting tens of thousands of providers through shared cryptographic channels that were never designed for quantum-era threats. Every API call, every patient record in transit, every vendor integration is a cryptographic dependency. Enqrypta Forge, our post-quantum developer SDK, is designed for exactly this problem; it enables development teams to embed NIST FIPS 203/204/205 aligned encryption directly into healthcare applications, APIs, and data pipelines without rebuilding the systems around them. For healthcare organizations managing HIPAA-regulated data with lifetime confidentiality obligations, Enqrypta Keystone provides unified key lifecycle management; generation, rotation, revocation, and audit, across fragmented EHR environments, imaging systems, pharmacy platforms, and lab interfaces in a single cryptographic control plane. When the Change Healthcare breach exposed 193 million records because key management and access controls were fragmented across a sprawling vendor ecosystem, the failure wasn't at the perimeter. It was architectural. Keystone is built to prevent that architectural failure from repeating in a post-quantum environment.

In defense and aerospace, the challenge is different but equally urgent. Satellite communications, mission systems, and classified infrastructure operate on lifecycles measured in decades. A satellite launched today using RSA or ECC for command-channel authentication may be operationally vulnerable before it reaches mid-life, and it cannot be physically upgraded in orbit. The R1 Chip and EPI-QS Chip establish cryptographic trust at the hardware layer, providing device-level trust anchors and isolated key storage that operate independently of software environments. For defense platforms where cryptographic assurance must be embedded at the physical layer and maintained for 15 to 25 years, these hardware roots of trust are not optional, they are foundational. PhotonFlux delivers hardware-grade entropy generation, the raw randomness that underpins every cryptographic key. Without high-quality entropy at the source, even post-quantum algorithms are only as strong as the randomness behind them.

In critical infrastructure and government, the NSA's CNSA 2.0 mandates quantum-safe algorithms for new national security systems by January 2027. Federal agencies, defense contractors, and regulated industries cascading through the compliance chain all face the same operational question: how do you protect data that has already been transmitted under quantum-vulnerable encryption, and may already have been intercepted? EPI-QS Vault provides object-level quantum-resistant data protection encryption that wraps data at the object layer and travels with it, not with the network. Even if data was captured during a harvest-now-decrypt-later operation years ago, new data protected by Vault remains secure against both classical and quantum decryption. For organizations operating essential services with long operational lifecycles and CMMC, FedRAMP, or SOC 2 compliance requirements, Vault delivers the cryptographic assurance that compliance frameworks are beginning to mandate but that legacy infrastructure cannot provide.

Across every sector, the pattern is the same: quantum-vulnerable cryptography is embedded everywhere, key management is fragmented, and there is no unified control plane. The QVH platform integrates hardware roots of trust, post-quantum cryptographic software, and centralized key lifecycle management into a single architecture, one that can be deployed incrementally, protects long-lived data immediately, and evolves as standards and threats develop.

The standard has been set. The deadline is approaching. The infrastructure to execute the transition is what's missing.

Hanslovan saw the gap a decade ago and built a company to close it. We see the next one.

Quantum Vision Infrastructure for the Quantum Era.

Sources

Fortune – "This CEO pirated video games as a teen and became a hacker for the Air Force. Now he's built a $3 billion cyber firm" (April 16, 2026) https://fortune.com/2026/04/16/this-ceo-pirated-video-games-as-a-teen-and-became-a-hacker-for-the-air-force-now-hes-built-a-3-billion-cyber-firm/

FBI – Internet Crime Report: Healthcare top-targeted sector for ransomware in 2025 (April 10, 2026, via AHA) https://www.aha.org/news/headline/2026-04-10-fbi-health-care-was-top-target-ransomware-other-cyberthreats-2025

IBM – Cost of a Data Breach Report 2024 ($9.7M healthcare average) https://www.ibm.com/reports/data-breach

HIPAA Journal – Largest Healthcare Data Breaches of 2025 https://www.hipaajournal.com/largest-healthcare-data-breaches-of-2025/

HIPAA Journal – Signature Healthcare Brockton Hospital Cyberattack (April 2026) https://www.hipaajournal.com/signature-healthcare-brockton-hospital-cyberattack/

Zeron – Healthcare Data Breach 2026: CareCloud, Hong Kong Hospital Authority, Signature Healthcare, ACN Healthcare (April 2026) https://zeron.one/healthcare-data-breach-2026/

Hyperproof – Understanding the Change Healthcare Breach (Updated February 2026) https://hyperproof.io/resource/understanding-the-change-healthcare-breach/

Google Quantum AI – Securing Elliptic Curve Cryptocurrencies against Quantum Vulnerabilities (March 2026) https://quantumai.google/static/site-assets/downloads/cryptocurrency-whitepaper.pdf

Forrester – March 2026 Report on Fault-Tolerant Quantum Computing Timeline https://www.forrester.com

Global Risk Institute – 2026 Quantum Threat Timeline https://globalriskinstitute.org

NIST – Post-Quantum Cryptography Standards (FIPS 203, 204, 205) https://www.nist.gov/pqc

QVH Platform https://www.qvhinc.com/platform

Forward Looking Statement

This article contains forward-looking information within the meaning of applicable Canadian securities laws, including statements regarding the development of post quantum security infrastructure, anticipated industry migration toward post quantum cryptography, and the potential impact of evolving computational capabilities on cybersecurity frameworks.

Forward-looking information reflects management’s current expectations, estimates, projections, and assumptions as of the date of publication and is subject to known and unknown risks and uncertainties that could cause actual results to differ materially from those expressed or implied. Such risks include, but are not limited to, technological development risks, regulatory developments, adoption timelines for post-quantum standards, competitive factors, supply chain considerations, capital requirements, and general economic conditions.

Readers are cautioned not to place undue reliance on forward-looking information. Quantum Vision Holdings undertakes no obligation to update or revise forward looking information except as required by applicable securities laws.