Senator Tom Cotton (R-AR) has urged the Food and Drug Administration (FDA) to strengthen regulations on medical devices manufactured in China to safeguard patient data and hospital integrity following several cybersecurity breaches. In a letter to acting FDA Commissioner Kyle Diamantas, Cotton requested that the FDA revise its standards to require older medical devices to undergo cybersecurity clearance similar to that mandated for new devices.
The FDA implemented a requirement for enhanced cybersecurity safeguards for medical devices seeking premarket clearance in March 2023; however, older devices currently on the market are exempt from this testing. Cotton expressed concerns in his letter, which was also sent to the Cyber and Infrastructure Security Agency, stating that compromised medical devices pose risks to both national security and public health.
He referenced a previous FDA discovery regarding the Contec CMS8000, a medical monitor that could automatically extract patients' personally identifiable health information when connected to the internet. Cotton highlighted that this data extraction could expose patients to identity theft and other fraudulent activities. He also noted that the device could allow unauthorized users to remotely control it, potentially leading to dangerous misdiagnoses.
According to FDA records, around 7,000 of these monitors were recalled, yet some remain in use in hospitals without a clear record of their numbers nationwide. A significant portion of U.S. hospitals rely on Chinese-made medical equipment, with 14% of all medical equipment and over 50% of basic medical supplies sourced from China, as per a 2025 analysis from the journal American Affairs. As of 2024, China's medical device industry was valued at approximately $84.55 billion globally, with hospital diagnosis and treatment equipment being the largest export category at $22.26 billion.