RFID Security in the Medical Device Industry

Protecting High-Cost Disposables from Counterfeiting Attacks

This case study looks at a medical device company marketing a device for cancer treatment. As is common in this industry, the device itself is leased to hospitals or doctors, and recurring revenue comes from selling probes that are used with the device for individual treatments. The probes are one-time-use disposables and must be thrown away after being used for a single procedure. They are high-cost items that provide significant margins for the medical device company.

Anticipating a relatively low barrier to counterfeiting, the company had proactively developed an RFID application in-house to prevent counterfeiting and reuse of disposables. In addition to the obvious risk of revenue loss, the company also feared for patient safety and liability arising from counterfeit disposables of inferior quality or from the uncontrolled reuse of disposables, which carries the danger of transmitting diseases such as HIV.

With the RFID application in place, every medical device was equipped with an RFID reader and every disposable with an RFID tag. Before treatment, the medical device could now verify the presence of authentic probes and could also ensure that probes were not used a second time on a different patient. After the solution had been in the field for about a year, the company still experienced a double-digit revenue loss due to counterfeits. At this point the company approached NeoCatena to ask for help and to explore the NeoCatena Security System as a potential solution to their problem.

After analyzing the medical device in detail, NeoCatena concluded that the RFID application had several implementation flaws: the security system could easily be fooled and its security measures bypassed. While encryption techniques were applied as part of the solution, there was no place inside the medical device where the secret keys used for cryptographic operations could be stored securely, so they were at risk of being extracted for counterfeiting purposes.

NeoCatena then proposed the use of RF-Wall Embedded to raise the security of the device to an adequate level. Due to its small form factor, RF-Wall Embedded easily fit into the medical device. RF-Wall now added an extra layer of security to the system: reliable encryption of tag data, secure hardware key storage, and an automatically maintained blacklist of probes that have already been used are just a few of the features that raise the bar for attacks significantly.

Some of the features provided by RF-Wall could have been implemented in-house by the medical device company, but it takes time and skill to do so. The fact that the original RFID application turned out to be inadequate demonstrates this clearly. For a medical device company whose core business is not security, it is possible, but costly, to develop the necessary security expertise in-house. However, the constant evolution of both the technologies available to protect businesses from fraud and the tools available to hackers to perform ever more sophisticated attacks against them makes this a tedious, never-ending battle. In this case the company concluded it was more beneficial to outsource RFID security to experts in this field and have them customize a proven off-the-shelf solution for its specific needs.


 