16 Oct 2024

Cybersecurity

Launch of Cybersecurity Labelling Scheme for Medical Devices


Share this article

CSA, HSA, MOH and Synapxe launches cybersecurity labelling scheme for medical devices

Media Factsheet

The Cyber Security Agency of Singapore (CSA), the Ministry of Health (MOH), Health Sciences Authority (HSA) and Synapxe have jointly developed the Cybersecurity Labelling Scheme for Medical Devices [CLS(MD)], a voluntary scheme where medical devices are rated according to their levels of cybersecurity provisions. 

In Singapore, medical devices currently must be registered with HSA and meet regulatory requirements, including cybersecurity, before they can be imported, distributed and sold locally. HSA's cybersecurity requirements are harmonised with the recommendations set by the International Medical Device Regulators Forum, a group of international medical device regulators that aims to accelerate global regulatory harmonisation and convergence. 

However, as medical devices become increasingly connected to hospital and home networks, potentially elevating cyber risks, there is a need to take a proactive measure to enhance the cybersecurity safeguards for medical devices.

Hence, Singapore developed this “first-in-the-world” multi-levelled CLS(MD), similar to the Cybersecurity Labelling Scheme for consumer smart devices launched in 2020. The scheme seeks to improve medical device security by incentivising manufacturers to adopt a security-by-design approach. It will enable consumers and healthcare providers to make more informed decisions about the security of such devices prior to purchase and usage.

The scope of the CLS (MD) applies to medical devices as defined in the First Schedule of the Singapore Health Products Act and which handle personal identifiable information and clinical data, or are able to connect to other devices, systems and services. Applications for the CLS(MD) are now open and can be made at the GoBusiness platform. The scheme comprises four levels, with each additional level reflecting further testing and assessment that the product has undergone. The requirements for each level are below. 

Level

CLS(MD)'s Requirement

Level 1

The product meets baseline cybersecurity requirements.
 Level 2 The product meets enhanced cybersecurity requirements. 
 Level 3 The product meets enhanced cybersecurity requirements and will be required to pass independent third-party software binary analysis and penetration testing. 
Level 4 The product meets enhanced cybersecurity requirements and will be required to pass independent third-party software binary analysis and security evaluation. 

 

The launch of CLS(MD) follows the completion of the sandbox phase from October 2023 to July 2024, where medical device manufacturers were invited to put their medical devices to the test and provide feedback on the scheme. The sandbox received 47 applications across all four levels from 19 manufacturers of devices such as In Vitro Diagnostic Analysers, Software as a Medical Device and more. Based on feedback collected, the requirements and processes of the scheme have been refined, such as providing more clarity on the application process and assessment methodology with clearer templates to guide the industry on how to meet the minimum requirements. 

Mr Michael Cheng, Chief Operating Officer of TIIM Healthcare, said, "We are pleased to be the first to achieve Level 1 of the CLS(MD) through the sandbox phase for aiTriage v1, our AI-powered decision support tool that assists clinicians in evaluating patients during chest pain triage. Participating in the sandbox shows our commitment to enhancing cybersecurity in medical technology. As we recognise that cybersecurity is an ongoing journey, we are also working towards ISO 27001 certification to further strengthen the cybersecurity of our products."

The CLS(MD) was developed in consultation with industry, including the Asia Pacific Medical Technology Association (APACMed) and Singapore Manufacturing Federation – Medical Technology Industry Group (SMF - MTIG), with representatives from multinational corporations and small and medium enterprises. For further information such as the finalised publications, including the templates and more details on each level, please visit www.csa.gov.sg/cls-md or write to cls_md@csa.gov.sg.  

About the Cyber Security Agency of Singapore

Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore's cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions, and works with sector leads to protect Singapore's Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes. CSA is part of the Prime Minister's Office and is managed by the Ministry of Communications and Information. For more news and information, please visit www.csa.gov.sg.

About the Health Sciences Authority (HSA)

The Health Sciences Authority (HSA) applies medical, pharmaceutical and scientific expertise through its three professional groups, Health Products Regulation, Blood Services and Applied Sciences, to protect and advance national health and safety. HSA is a multidisciplinary authority. It serves as the national regulator for health products, ensuring they are wisely regulated to meet standards of safety, quality and efficacy. As the national blood service, it is responsible for providing a safe and adequate blood supply. It also applies specialised scientific, forensic, investigative and analytical capabilities in serving the administration of justice. For more details, visit www.hsa.gov.sg/.

The Health Products Regulation Group (HPRG) of HSA ensures that medicines, innovative therapeutics, medical devices and health-related products are wisely regulated and meet appropriate safety, quality and efficacy standards. It contributes to the development of biomedical sciences in Singapore by administering a robust, scientific and responsive regulatory framework.

About Synapxe

Synapxe is the national HealthTech agency inspiring tomorrow’s health. The nexus of HealthTech, we connect people and systems to power a healthier Singapore. Together with partners, we create intelligent technological solutions to improve the health of millions of people every day, everywhere. Reimagine the future of health together with us at www.synapxe.sg.  

 

Related articles

X

By continuing to use and navigate this website, you consent to the use of cookies in accordance with our Privacy Policy.

Confirm