Cotton to FDA: Investigate Dangerous Chinese-Manufactured Medical Devices

FOR IMMEDIATE RELEASE
Contact: Hannah McCarthy (202) 465-5601
May 26, 2026

Cotton to FDA: Investigate Dangerous Chinese-Manufactured Medical Devices

Washington, D.C. - Senator Tom Cotton (R-Arkansas) today sent a letter to Acting U.S. Food and Drug Administration (FDA) Commissioner Kyle Diamantas requesting enhanced review of medical devices manufactured in Communist China to address potential cybersecurity vulnerabilities. Compromised Chinese-made medical devices give malign foreign actors access to sensitive personal health data, potentially exposing American patients to identity theft, fraud, extortion, and dangerous medical misdiagnoses.

In part, Senator Cotton wrote:

"Protecting Americans' privacy and ensuring their health data isn't accessible to cybercriminals in adversarial nations is of utmost importance. I look forward to working with you on this matter."

Full text of the letter may be found here and below.

May 26, 2026

Kyle Diamantas
Acting Commissioner
U.S. Food and Drug Administration
10903 New Hampshire Ave.
Silver Spring, MD 20993

Dear Acting Commissioner Diamantas:

I write to express concerns regarding cybersecurity vulnerabilities associated with networked medical devices manufactured in China. American patients' exposure to compromised Chinese-made medical devices poses a risk to both national security and public health.

On January 30, 2025, the Food and Drug Administration (FDA) and the Cybersecurity and Infrastructure Security Agency (CISA) notified parties of cybersecurity vulnerabilities associated with the Contec CMS8000, a networked patient monitoring device manufactured in Communist China. The FDA found the device would automatically extract personally identifiable patient health information when connected to the internet. Data exfiltration of sensitive medical information can lead to widespread identity theft, insurance fraud, extortion, and more sophisticated scams against American patients. CISA also warned the device was programmed to allow unverified users to remotely control the device without a health provider's knowledge. This gave malign Chinese actors an opportunity to directly manipulate how the device operates and displays data, potentially leading to dangerous misdiagnoses of heart failure, arrhythmias, and hypertension. On May 14, 2025, FDA issued a Class II recall of the Contec CMS8000.

The FDA started requiring medical device manufacturers to demonstrate enhanced cybersecurity safeguards to receive FDA pre-market clearance in 2023. But this requirement did not extend to medical devices on the market prior to the enactment of the enhanced cybersecurity requirements. Thus, more must be done to protect Americans from compromised medical devices.

I respectfully ask the FDA and CISA to review Chinese-made medical devices cleared prior to March 29, 2023. Protecting Americans' privacy and ensuring their health data isn't accessible to cybercriminals in adversarial nations is of utmost importance. I look forward to working with you on this matter.

Sincerely,

Tom Cotton
United States Senator

###