Effectively Fighting Fake Medical Products

How to deal with an increasing number of counterfeit goods at very low cost.


Counterfeit goods have long existed. The worldwide ‘black market’ for brand-name items like purses and sunglasses is estimated to exceed $460B (Los Angeles Times, 2017). While fashion brands make up the majority of this illicit market, a very concerning trend is the rising amount of counterfeit medical products, including equipment, medicines, and vaccines.

The World Health Organization (WHO) estimates that 1 in 10 medical products in low- and middle-income countries is substandard or falsified. International efforts to clamp down on black market medical products have had some success. In 2017, the World Customs Organization (WCO), Interpol, and law enforcement from more than 123 countries successfully executed ‘Operation Pangea X’, seizing approximately $51 million worth of counterfeit medicines and medical devices and closing more than 3,500 websites.

In addition to a significant rise in counterfeit medicines and vaccines, there has a been a dramatic increase in the amount of counterfeit medical equipment. Notably, there have reports of fake dental and surgical products, including $7M of fake aortic pumps recently recalled in the United States.

The ramifications of counterfeit fashion items are largely financial. The ramifications of counterfeit medical equipment are treatment errors, surgical errors, and even patient deaths. With these much greater risks, medical equipment makers are turning to anti-counterfeiting technologies to ensure that only genuine equipment is used, increasing patient safety.

There are multiple approaches to detecting counterfeit equipment. Some manufactures are using smart packaging, which uses various technologies to allow health care providers to verify products prior to use to ensure they are authentic. However, this method involves financial investment in dedicated equipment that may not be within the budgets of some hospitals. It also requires the manual checking of devices each and every time prior to use.

One emerging approach is the inclusion of anti-counterfeiting cores within the actual electronics of the medical equipment. In this promising method, the medical equipment manufacturers embed hardware-based anti-counterfeiting cores within their connected equipment during the design and manufacturing process. These cores can authenticate the medical equipment automatically during operation, using proprietary security methods within the medical device. Additionally, medical device makers are enabling secure IoT-based connections to their devices. Through these IoT services, in-field medical devices can be authenticated using secure connections to OEM services. These services also can enable secure firmware updates, eliminating the risk of nefarious parties hacking devices through malicious code updates.

Medical professionals also want the ability to authenticate peripheral medical devices, which can be one-time-use surgical devices, power supplies, or other equipment. To address this need, medical manufacturers also are embedding similar anti-counterfeiting technologies into those peripheral devices. When connected to each other, the host and peripheral devices can perform a ‘challenge/response’, which involves the use of a cryptographic key stored in the host system root of trust. When designed correctly, the challenge/response process is automatic upon power-up and peripheral device connection. If the host system or peripheral device does not receive the correct information from the other side, the device should be disabled and the medical professional alerted to the presence of a counterfeit (and possibly dangerous) device.

Device OEMs also need to be conscious of ongoing attempts at cloning and counterfeiting their devices. If a nefarious party was able to reverse engineer or discover secret cryptographic keys contained within the device, that knowledge could be exploited to enable any counterfeit device to be deemed authentic. Anti-counterfeiting technologies need to be designed to ensure they remain secret, and resistant to attacks like glitching/fault induction, power analysis (SPA/DPA), crypto-analysis, and others.

The use of anti-counterfeiting technologies in medical devices will reduce the number of counterfeit devices in use and will enable greater patient safety.

Leave a Reply

(Note: This name will be displayed publicly)