The rapidly growing use of data communication in medical devices raises the possibility of cybercrime and attacks on the users’ personal data. Concerning this issue, the Ministry of Health (MoH), Cyber Security Agency of Singapore (CSA), the Health Sciences Authority (HSA), and the Integrated Health Information Systems (IHiS) announced the “Cybersecurity Labelling Scheme for Medical Devices” [CLS(MD)] to provide a better and more secure Singaporean cyberspace. A consultation period for the new scheme is open from January 23 to March 3, 2023.

The scheme applies to medical devices as defined in the First Schedule of the Health Product Act (Cap 122D, 2008 Rev Ed) and includes devices that handle personal identifiable information and clinical data, and has the ability to collect, store, process, or transfer such data. Also included are devices that communicate with other systems using wired and / or wireless communication protocols via network of connections.

HSA explained several key items under review in their official announcement on their website, covering: the framework of cybersecurity levels with 38 clauses, testing laboratories’ requirement, labelling requirement of CLS(MD), the validity of the label, and the CLS(MD) application process for currently available devices.

The MoH, CSA, HSA, and IHiS welcome comments and feedback from the public on the framework from 25 January 2023 to 17:00 on 3 March 2023. The consultation form is available at and can be emailed to



Public Consultation for the Proposed Framework and Implementation of the Cybersecurity Labelling Scheme for Medical Devices, CLS(MD)