Texas Governor Greg Abbott has issued a directive to state health agencies and public university systems, urging them to address potential cybersecurity risks associated with Chinese-manufactured medical technology. The move comes amid concerns that sensitive patient data could be accessed by foreign actors, prompting a review of existing safeguards and procurement policies.

Key Takeaways

• Texas Governor Greg Abbott has ordered state health agencies and public universities to review cybersecurity risks related to Chinese-made medical devices.

• The directive aims to prevent potential breaches of sensitive patient data and protect critical healthcare infrastructure.

• Federal warnings from the FDA and CISA about vulnerabilities in certain Chinese patient monitors prompted Abbott's action.

• Agencies must submit reports and recommendations by April 17, 2026, with potential legislative proposals to follow.

Addressing Cybersecurity Threats

Governor Abbott's directive specifically targets potential vulnerabilities in medical devices manufactured in China. He emphasized the paramount importance of protecting Texans' physical security and personal privacy, stating, "I will not let Communist China spy on Texans." The order mandates that state-owned medical facilities ensure robust safeguards are in place to protect private medical data and critical medical infrastructure.

Federal Warnings Spur Action

The directive follows recent notices issued by the U.S. Food and Drug Administration (FDA) and the Cybersecurity and Infrastructure Security Agency (CISA). These federal agencies warned of cybersecurity vulnerabilities in certain Chinese-manufactured patient monitoring devices, such as the Contec CMS8000 and Epsimed MN-120. These vulnerabilities could allow unauthorized remote access and the exfiltration of protected health information, confirming expert warnings about the proliferation of smart medical devices from China.

Mandated Reviews and Future Legislation

Under Abbott's order, state health agencies and public higher education systems are required to review their procurement policies to ensure compliance with existing executive orders. They must also catalog all network-connected medical devices and assess the cybersecurity protections at state-owned medical facilities. The Texas Cyber Command is tasked with reviewing whether specific devices should be added to the state's prohibited technology list and recommending further safeguards. Agencies are required to submit their reports and recommendations to the governor's office by April 17, 2026. Abbott plans to use these findings to propose legislation in the next session aimed at further protecting Texans' medical data from foreign adversaries.

Sources

• Greg Abbott warns Texas agencies about Chinese medical device spying, Fox News.

• Abbott issues another directive combatting Chinese cyber threats - Texas, The Black Chronicle.

• Texas governor orders health agencies to address Chinese cyber risk in patient monitoring devices |StateScoop, StateScoop.

• Texas Governor orders cybersecurity audit of Chinese medical devices over data breach risks, FOX 7 Austin.

• Gov. Abbott Orders Review of Chinese-Made Medical Devices Over Cybersecurity Concerns, San Angelo LIVE!.