What are the Cyber and Data Security Guidelines for Healthcare Providers about?
The Cyber and Data Security Guidelines for Healthcare Providers aim to provide clarity to healthcare providers on the requirements to secure the confidentiality, integrity, and availability of all health information against unauthorised access, inappropriate modification, use, disclosure, disposal, or other similar risks.
The Guidelines offer key recommendations (summarised by the acronyms below) which healthcare providers can implement:
- Cybersecurity: Update software, Secure endpoints, Backup data, and Asset management (“USB-A”).
- Data Security: Secure sensitive data, Identify and classify data assets, Access to data only for authorised users (“SIA”).
- Common Cyber and Data Security Requirements: Outsource safely and appropriately, Response to incident, Dispose assets securely, Emergency planning and contingency, Review Security (“ORDERS”).
For more information on what you or your organisation can do, please refer to the Guidelines for more details.
Available Resources and Funding to Support Providers to Digitalise and Uplift Cyber/Data Security Posture
| Resource / Grant | Who is eligible? | What does this cover? | For more details |
| IMDA / ESG Productivity Solutions Grant (PSG) | Small-Medium Enterprises (SMEs) | For pre-approved cybersecurity solutions including managed detection and response, unified threat management, and endpoint protection platforms. 50% support for eligible companies, with an annual grant cap of S$30,000
| https://www.enterprisesg.gov.sg/financial-support/productivity-solutions-grant
https://www.gobusiness.gov.sg/productivity-solutions-grant/all-psg-solutions/ |
| IMDA Chief Technology Officer-as-a-Service (CTO-aaS)
| Small-Medium Enterprises (SMEs) | CTO-aaS enables local SMEs to self-assess their digital readiness and needs, access market-proven and cost-effective digital solutions, and engage digital consultants for in-depth digital transformation strategy advisory and project management services under the SMEs Go Digital Programme. First-time usage of digital advisory and project management services is available at no cost to eligible enterprises. Subsequent usage or enhancement of services will be based on commercial agreements, should the enterprises want to continue to engage digital transformation consultants.
| https://www.imda.gov.sg/how-we-can-help/smes-go-digital/ctoaas
https://www.imda.gov.sg/how-we-can-help/smes-go-digital |
| CSA Cybersecurity Health Plan | Small-Medium Enterprises (SMEs) | A scheme with funding support as well as Cybersecurity consultants (onboarded by CSA) who will take on the role of the SMEs’ “Chief Information Security Officers” (CISO), akin to providing a CISO-as-a-Service (CISOaaS) to SMEs who may not have in-house cybersecurity personnel. The Cybersecurity Health Plan aims to tailor to SMEs’ needs and prepare them to work towards attaining CSA’s Cyber Essentials certification mark. Up to 70% co-funding support upon signing up with the CISOaaS cybersecurity consultants onboarded by CSA.
| https://www.csa.gov.sg/our-programmes/support-for-enterprises/sg-cyber-safe-programme/cybersecurity-certification-scheme-for-organisation/cybersecurity-health-plan |
| NCSS Tech-and-Go! Scheme | Social Service Agencies (SSAs) | - The National Council of Social Service (NCSS)’s Tech-and-GO! Scheme is a one-stop tech hub that supports Social Service Agencies (SSAs) in terms of grants, advisory, and consultancy services on how agencies can digitalise.
| https://www.ncss.gov.sg/our-initiatives/tech-and-go/funding-support |