Medical devices to undergo cybersecurity labelling scheme

This comes as medical devices are now more connected to the hospital and home networks.

The Cyber Security Agency of Singapore (CSA), the Ministry of Health (MOH), Health Sciences Authority (HSA) and Integrated Health Information Systems (IHiS) collaborated to develop Cybersecurity Labelling Scheme for Medical Devices [CLS (MD)] to ensure the development of secure medical devices.

In a joint statement, the parties said the labelling scheme will rate medical devices according to their levels of cybersecurity provision and incentivise manufacturers to adopt a “security-by-design approach” to develop more secure products.

“Medical devices are now increasingly connected to the hospital and home networks, in the intranet and internet. While these connected medical devices benefit patients and healthcare providers, particularly in real-time monitoring of health status, rising connectivity could also increase cybersecurity risks and compromise patients’ personal information, clinical data or treatment protocols, ultimately affecting patient health outcomes,” they said.

READ MORE: 62% of cybersecurity pros are struggling to keep up with evolving threats

The CLS (MD) uses levels of rating, each representing an additional level of testing and assessment a product has undergone.

Level 1 is the baseline regulatory requirement aligned with the current registration requirement for medical devices by the HCA.

For Levels 2, 3, and 4, the product needs to meet enhanced cybersecurity requirements such as devices and data requirements. They may also be required to pass independent third-party tests. More details for each level will be provided soon.