Cybersecurity Labelling Scheme for Medical Devices - CLS(MD)

Cybersecurity Labelling Scheme for Medical Devices

Announced by Dr Janil Puthucheary, Senior Minister of State for Communications and Information, at the Singapore International Cyber Week 2022, the Cybersecurity Labelling Scheme for Medical Devices [CLS(MD)] is part of the efforts from the Ministry of Health (MOH), Cyber Security Agency (CSA), Health Sciences Authority (HSA), and Synapxe (formerly known as Integrated Health Information Systems) to better secure Singapore’s cyberspace and to raise cyber hygiene levels in medical devices. 

Under the voluntary CLS(MD), medical devices are rated according to 4 levels of cybersecurity provisions and assessments, and the cybersecurity label for medical devices would provide an indication of the level of security in medical devices. The label aims to improve security awareness by making the cybersecurity provisions of medical devices more transparent to healthcare users and empowers them to make informed purchasing decisions.

The scope of the CLS(MD) applies to medical devices as described in the First Schedule of the Health Product Act (Cap122D, 2008 Rev Ed) and have any of the following characteristics: 

  • Handles personal identifiable information (PII) and clinical data and has the ability to collect, store, process, or transfer such data;
  • Connects to other devices, systems, and services - Has the ability to communicate using wired and / or wireless communication protocols through a network of connections.

The CLS(MD) is currently in the sandbox phase. Click here for more details.

Please send any enquiries on the Cybersecurity Labelling Scheme for Medical Devices to