Senator Tom Cotton urges FDA to review pre-2023 Chinese-made medical devices after cybersecurity vulnerabilities in recalled patient monitors exposed thousands to data theft and remote device hijacking. On May 26, Tom Cotton, a U.S. Senator from Arkansas, published a letter to acting FDA Commissioner Kyle Diamantas regarding cybersecurity vulnerabilities associated with networked medical devices manufactured in China. FDA warns of data theft from Chinese patient monitors At the beginning of 2025, FDA and the Cybersecurity and Infrastructure Security Agency warned patients about cybersecurity vulnerabilities associated with the Contee CMS8000, a networked patient monitoring device manufactured in China. During the investigation, FDA determined that the device would take personally identifiable patient health information from users when connected to the internet. On May 14, 2025, FDA issued a Class II recall of the Contee CMS8000. According to FDA records, seven thousand monitors were recalled, yet they remain on the market today. Beginning in 2023, FDA started requiring medical device manufacturers to demonstrate enhanced cybersecurity safeguards to receive FDA pre-market clearance. This requirement did not impact medical devices that received clearance prior to 2023.
“I respectfully ask the FDA and CISA to review Chinese-made medical devices cleared prior to March 29, 2023. Protecting Americans' privacy and ensuring their health data isn't accessible to cybercriminals in adversarial nations is of utmost importance,” Cotton wrote in his request. “The challenge is particularly acute with Class III medical devices, which sustain or support life and pose the greatest risk to patients if compromised. FDA estimates that 164 out of every 1,000 devices remain vulnerable to cyberattacks.” Section 232, part of the Trade Expansion Act of 1962, allows the Secretary of Commerce to determine the effects on the national security of imports of personal protective equipment, medical consumables, and medical equipment including devices. The implementation of 232 impacted China, a key trading partner to the U.S. and a top manufacturer of medical devices. “We've seen a big shift out of the Chinese manufacturing market because in addition to the IEEPA tariffs, they were also subject to the Section 301 tariffs that were implemented back in 2018 and 2019 under the first administration. And so moving manufacturing or having a partnered firm or manufacturer/supplier outside of China is probably a better long term strategy that does come with the cost of capital investment and shopping around and so forth,” Chinese manufacturers supply half of U.S. hospital consumables In March 2025, the Senate Intelligence Committee held hearings that exposed longstanding industry concerns about Chinese manufacturers. These hearings revealed a pattern in which Chinese entities intentionally installed vulnerabilities in devices.
Senator Tom Cotton's call for FDA to review pre-2023 Chinese-made medical devices underscores growing bipartisan concern over cybersecurity vulnerabilities in connected healthcare technology. As the Trump Administration's tariffs and Section 232 investigation pressure manufacturers to relocate operations outside China, the medical device industry faces a critical inflection point: balancing supply chain dependencies with national security imperatives. With Chinese manufacturers supplying half of U.S. hospitals' basic consumables and FDA estimating 164 out of every 1,000 devices remain vulnerable to cyberattacks, the stakes for patient safety and data security have never been higher. “American patients' exposure to compromised Chinese-made medical devices poses a risk to both national security and public health,” Cotton wrote in the letter. Cotton warned that this kind of data extraction may lead to identity theft, insurance fraud, extortion, and more sophisticated scams against American patients. CISA noted that Contee CMS8000 was programmed to allow unverified users to remotely control the device without a health provider's knowledge. Texas governor launches state investigation This letter comes two months after Greg Abbott, the governor of Texas, ordered agencies in the state to investigate connected medical devices made in foreign countries with a specific focus on those manufactured in China. The investigation focuses on devices used in state-owned facilities, which Abbott believes could pose cybersecurity risks for patients and workers.
Source: Read the original report | Published: May 27, 2026