Cybersecurity

Texas governor orders health agencies to address Chinese cyber risk in patient monitoring devices

“I will not let Communist China spy on Texans,” Gov. Greg Abbott wrote in a recent letter directing state health agencies to undertake a series of preventative cybersecurity actions.

By Colin Wood

March 9, 2026

Listen to this article

0:00

This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.

Gov. Greg Abbott speaks at a primary election night event hosted by the Young Conservatives of Texas and the Texas Young Republicans at Cedar Door Patio Bar & Grill in Austin on March 3, 2026. (Jay Janner / The Austin American-Statesman via Getty Images)

Texas Gov. Greg Abbott on Monday issued a letter directing state agencies and state-owned medical facilities to address a cybersecurity threat related to medical devices made in China.

In a letter addressed to the heads of the state’s cyber command, health services department and human services department, Abbott flagged recent notices issued by the Cybersecurity and Infrastructure Security Agency and Food and Drug Administration warning of vulnerabilities in Chinese-manufactured patient monitoring devices. The risks, he wrote, include “unauthorized actors” accessing sensitive medical and personal information. Protecting such data, the governor wrote, is “of paramount importance.”

“I will not let Communist China spy on Texans,” Abbott’s letter reads. “State-owned medical facilities must ensure there are safeguards in place to protect Texans’ private medical data.”

The letter includes a bulleted list of actions agencies are to take, including a review of all state-owned medical facilities and ensuring that any new medical devices purchased comply with a 2014 executive order limiting the acquisition or use of technologies, including the short-form video platform TikTok, made by adversarial nation states, such as China.

Abbott in his letter calls on the state agencies and Texas’ higher education institutions to catalog any medical devices that can transmit data and to review cybersecurity policies related to the protection of personal health information. His letter also flags a couple of devices in particular — the Contec CMS8000 and Epsimed MN-120 patient monitors — as being on the state’s prohibited technologies list.

The governor will allow agencies until April 17 to comply with his orders. Abbott added that he plans to propose a bill in the next legislative session “to protect Texans’ medical data from foreign hostile actors like Communist China.”

The letter is but Texas’ latest reaction to Chinese influence in the state. Texas Attorney General Ken Paxton last month announced he would file a series of lawsuits against Chinese companies, and filed one immediately against TP-Link Systems Inc., the American arm of the networking equipment maker, headquartered in Irvine, California.

Since last year, the Texas state government has also operated a “hostile foreign adversaries unit,” a Department of Public Safety office ostensibly created to combat cybersecurity attacks and malign influence campaigns emanating from all adversarial foreign nations, though legislative testimony leading up to the unit’s creation last year showed that China was the state’s primary concern.