Sen. Tom Cotton (R-AR) on Wednesday proposed legislation that aims to protect American patients from China-based cyberthreats lurking in Chinese-made networked medical devices.
“Communist Chinese-made medical devices threaten the privacy and safety of every American patient. My bill would crack down on these dangerous devices,” Cotton told Breitbart News in a written statement.
Cotton proposed the Countering Chinese Cyberthreats for Patients (Countering CCP) Act, a bill that would:
- Direct the Food and Drug Administration (FDA) and the Cybersecurity and Infrastructure Security Agency (CISA) to conduct a retroactive review of legacy Chinese-made networked medical devices to identify potential cybersecurity risks.
- Direct the FDA to recall any Chinese-made network devices that pose cybersecurity risks to American patients.
- Have the Health and Human Services (HHS) Department as well as CISA submit a report to Congress describing the cyber preparedness of the U.S. medical industry and the Chinese market share of medical devices made in the United States, and identifying methods to bolster the cybersecurity preparedness of the U.S. medical device industry.
Cotton proposed the legislation after he voiced concerns to the FDA in May about cybersecurity issues with networked medical devices made in China.
“I write to express concerns regarding cybersecurity vulnerabilities associated with networked medical devices manufactured in China. American patients’ exposure to compromised Chinese-made medical devices poses a risk to both national security and public health,” Cotton wrote to Kyle Diamantas, the Acting FDA Commissioner.
He explained the issues surrounding Chinese-made networked medical devices:
The FDA found the device would automatically extract personally identifiable patient health information when connected to the internet. Data exfiltration of sensitive medical information can lead to widespread identity theft, insurance fraud, extortion, and more sophisticated scams against American patients. CISA also warned the device was programmed to allow unverified users to remotely control the device without a health provider’s knowledge. This gave malign Chinese actors an opportunity to directly manipulate how the device operates and displays data, potentially leading to dangerous misdiagnoses of heart failure, arrhythmias, and hypertension. On May 14, 2025, FDA issued a Class II recall of the Contec CMS8000.
“The FDA started requiring medical device manufacturers to demonstrate enhanced cybersecurity safeguards to receive FDA pre-market clearance in 2023,” the Arkansas senator wrote. “But this requirement did not extend to medical devices on the market prior to the enactment of the enhanced cybersecurity requirements. Thus, more must be done to protect Americans from compromised medical devices.”
“Protecting Americans’ privacy and ensuring their health data isn’t accessible to cybercriminals in adversarial nations is of utmost importance. I look forward to working with you on this matter,” he concluded in his letter to the FDA.
