New scheme aims to enhance safety of connected healthcare technologies
Singapore has launched a voluntary scheme to rate medical devices based on their cyber-security provisions, aiming to prevent potential data breaches and safeguard patient information.
Details of the Scheme
Unveiled on October 16, 2024, by Senior Minister of State Janil Puthucheary, the Cybersecurity Labelling Scheme for Medical Devices evaluates devices for compliance with cyber-security standards. The initiative targets technologies such as pacemakers, insulin pumps, and ventilators, especially those connected to networks or handling sensitive health data.
Cyber-Security Threats in Healthcare
With cyber-attacks increasingly targeting healthcare, safeguarding patient information has become critical. Past incidents, like the 2019 data breach exposing 14,200 individuals’ confidential HIV information, underline the need for proactive measures.
Michael Cheng, COO of TIIM Healthcare, emphasized the importance of cyber-security for their device, aiTriage, which analyzes patient data to detect serious chest pain cases. Despite being Bluetooth-enabled rather than internet-connected, aiTriage was rated Level 1 under the scheme during a nine-month sandbox trial.
How the Ratings Work
The labelling scheme categorizes devices into four levels:
Level 1: Meets baseline requirements.
Level 2: Includes enhanced protections.
Level 3: Requires third-party penetration testing.
Level 4: Demands rigorous independent security evaluations.
Devices receive labels valid for three years, requiring manufacturers to provide security updates during this period.
Collaborative Efforts
Developed by the Cyber Security Agency of Singapore (CSA), Ministry of Health, Health Sciences Authority (HSA), and Synapxe, the scheme follows a successful trial involving 19 manufacturers and 47 devices. The CSA also signed agreements with Korea and Germany to recognize cyber-security labels mutually, enhancing global cooperation.
Encouraging Adoption
The initiative builds on the success of a similar program for IoT devices launched in 2020, which has issued over 500 labels to date. Manufacturers can now apply for the medical device labelling scheme via the GoBusiness platform.
