Abstract In this paper, a secure mutual authentication scheme for an RFID implant system is developed. An insecure communication channel between a tag and a reader makes the RFID implant system vulnerable to attacks and endangers the user's safety and privacy. The proposed scheme relies on elliptic curve cryptography and the D-Quark lightweight hash design. Compared to the available public-key cryptosystems, elliptic curve-based cryptosystems are the best choice due to their small key sizes as well as their efficiency in computations. The D-Quark lightweight hash design is tailored for resource constrained pervasive devices, cost, and performance. The security analysis of the proposed authentication scheme revealed that it is secure against the relevant threat models and provides a higher security level than related work found in the literature. The computational performance comparison shows that our work has 48% less communication overhead compared to existing similar schemes. It also requires 24% less total memory than the other approaches. The required computational time of our scheme is generally similar to other existing schemes. Hence, the presented scheme is a well-suited choice for providing security for the resource-constrained RFID implant systems.