Singapore Sets Up a New Program to Evaluate Medical Devices for Cyber Security Standards

The Singapore government has recently been advocating for a newly launched Cybersecurity Labelling Scheme for Medical Devices that will help raise the bar for protection of healthcare data against cyber threats. Launched on October 16, the scheme labels medical devices based on their cybersecurity provisions assessed across four levels of security certification.

This move is part of the broader protection of sensitive health information against cyber criminals who would use such information for extortion. It is a response to incidents such as the 2019 breach that involved the leak of confidential information about people infected with HIV on the internet. As more and more medical devices are connected to various external networks, the risk of cyber threats is growing significantly.

The voluntary scheme, developed by the Cyber Security Agency of Singapore (CSA), the Ministry of Health, and other related agencies, covers devices that process personal data or connect to external systems, such as neurology devices, pacemakers, and insulin pumps. A total of 47 devices were evaluated during the 9-month trial, and four manufacturers have already obtained Level 1 certification. The other devices are still being evaluated.

For example, TIIM Healthcare, one of the participants, had its aiTriage device rated Level 1. While this device cannot connect to the Internet, their Bluetooth connectivity features motivated TIIM Healthcare to ensure they are secure.

The cybersecurity labels, which are valid for up to three years, aim to encourage manufacturers to improve cybersecurity and provide consumers with more secure medical devices.

Written by: Ames Gross – President and Founder, Pacific Bridge Medical (PBM)