In October, Singapore plans on starting a 90-day trial to determine the cybersecurity risk of medical devices. This is a joint effort between Singapore’s MOH, the Cyber Security Agency and the National Health Technology Agency (Synapxe). The fear is that some devices that keep people alive like pacemakers, defibrillators, respiratory ventilators, and others, can be hacked. Also, some diagnostic devices that are attacked could yield inaccurate diagnoses and subsequent inappropriate treatment plans. According to the Cyber Security Agency, about 15% of Singapore’s medical devices are connected to the internet via local hospitals and home systems. Thus, this trial will rate medical devices in terms of their cybersecurity and hopefully lead doctors and patients to choose safer products.
For this trial, there will be 4 levels of cybersecurity ratings and labels. Devices labeled Level 1 will have reached basic cyber-security standards. Devices labeled Level 2 will have reached enhanced cyber-security requirements. Finally, devices labeled Level 3 and Level 4 will have met Level 2 standards but also need to meet third-party software security evaluation and binary analysis. Once this trial is over, Singapore plans to roll out this cybersecurity labeling process for all appropriate devices in Singapore. To help device companies that do not have the cybersecurity expertise to do this, the Singapore Cyber Security Agency will develop a training program for device makers.
Written by: Ames Gross – President and Founder, Pacific Bridge Medical (PBM)
Mr. Gross founded PBM in 1988 and has helped hundreds of medical companies with regulatory and business development issues in Asia. He is recognized nationally and internationally as a leader in the Asian medical markets. Mr. Gross has a BA degree, Phi Beta Kappa, from the University of Pennsylvania and an MBA from Columbia University.
Source used in the article: https://www.straitstimes.com/singapore/trial-to-rate-medical-devices-based-on-cybersecurity-to-be-launched-on-oct-20