CS_GH1


You can protect your business and/or organisation by instituting baseline cybersecurity essentials
Fortunately, there are effective measures that can be adopted to reduce your exposure to common cyber-attacks, targeting your endpoints. More details on the recommendations can be found in our Healthcare Cybersecurity Essentials.

What is HCSE about?
MOH’s HCSE aims to provide guidance to healthcare providers on basic cybersecurity measures that can be adopted to ensure the security, confidentiality, integrity, and availability of IT assets, systems, and patient data. HCSE aims to support all healthcare providers in improving their cybersecurity posture.

The guidelines offer key recommendations which healthcare providers can implement in three steps (‘CSI’):

  1. Step 1: Create IT asset inventory
    ⦁ Know what assets you have that are of value, by creating an updated inventory of all IT assets

  2. Step 2: Secure data, detect, respond to, and recover from breaches
    Technical: Put in place technical measures such as reviewing access privileges, providing multi-factor authentication where feasible, having a plan for timely security patching and deployment of anti-malware protection, implementing controls at the network perimeter, appropriately detect data breaches through monitoring audit trails and security logs, as well as performing frequent and regular backups.
    Process: Put in place processes to ensure appropriate outsourcing and vendor management, and that employees are aware of how to report suspicious activity and potential incidents promptly as part of any obligations to prevailing legislation.
    People: Adopt measures to raise cybersecurity awareness amongst employees through relevant training on password security, logging out of websites, applications and devices, using only trusted connections and websites, as well as how to stay up-to-date on cybersecurity risks and being aware of suspicious behaviours.

  3. Step 3: Implement by putting measures into practice
    ⦁ Put in place policies and processes to ensure staff use strong passwords (e.g. use of passphrase), institute policies on incident management to ensure staff know how to report suspicious activities and potential data breaches, as well as raise staff’s cybersecurity awareness through training.
    ⦁ Consider the need for a dedicated incident response team to handle any cybersecurity incidents.
For more information on what you or your organisation can do, please refer to the HCSE.

Pre-Approved Cybersecurity Solutions under the Productivity Solutions Grant
If you are an eligible SME, you can adopt pre-approved cybersecurity solutions under the Productivity Solutions Grant (PSG) that meet your needs. These solutions have been market-tested and are meant for quick adoption to improve productivity. The PSG has been enhanced to provide up to 80% support for eligible companies, with an annual grant cap of S$30k, up till 31 March 2022.

Eligible SMEs may also approach SME Digital Tech Hub (DTH) consultants for a free specialist digital technology advisory, or business advisors at the SME Centres to find out more.

     ⦁ For more details on PSG or your eligibility, please click here.
     ⦁ For a list of the pre-approved cybersecurity solutions, please click here.

Cybersecurity Policy Template
MOH has also helped to develop a policy template which can be adapted by healthcare providers to translate HCSE into actionable policies for their organisation / practice. Please click here for the template.