The request seeks a review of devices cleared before 2023 to protect patient data from potential foreign interference.
Senator Tom Cotton (R-Arkansas) sent a letter to acting US Food and Drug Administration (FDA) commissioner Kyle Diamantas requesting an enhanced review of medical devices manufactured in China. The request focuses on addressing potential cybersecurity vulnerabilities that could allow foreign actors to access sensitive patient health data.
Cotton highlights concerns that compromised devices could expose patients to identity theft, fraud, and medical misdiagnoses. The letter specifically references the Contec CMS8000, a networked patient monitoring device that was the subject of a Class II recall in May 2025. The FDA and the Cybersecurity and Infrastructure Security Agency (CISA) previously notified parties that the device could automatically extract patient information and allow unverified users to remotely control its operations.
“Protecting Americans’ privacy and ensuring their health data isn’t accessible to cybercriminals in adversarial nations is of utmost importance,” says Tom Cotton, United States senator, in the letter.
The FDA began requiring manufacturers to demonstrate enhanced cybersecurity safeguards to receive pre-market clearance in 2023. However, Cotton notes that these requirements do not extend to devices that were already on the market prior to the new regulations. The senator is asking the FDA and CISA to review Chinese-made medical devices cleared before March 29, 2023.
According to the letter, data exfiltration of medical information can lead to identity theft, insurance fraud, and sophisticated scams against patients. CISA also warned that remote manipulation of device data by unauthorized users could lead to misdiagnoses of conditions such as heart failure, arrhythmias, and hypertension.
ID 142387355 | Computer © Elen33 | Dreamstime.com
