Context:

Texas Governor Greg Abbott warns of potential Chinese spying through medical technology and directs state agencies to shore up data privacy by tightening safeguards on Chinese-made medical devices. The move follows federal warnings about cybersecurity vulnerabilities in certain patient monitors, aiming to strengthen procurement policies, catalog networked devices, and bolster protections at state facilities. Abbott’s directive requires agency reviews and recommendations to the governor by a set date to inform forthcoming legislation. The effort centers on preventing foreign access to Texans’ medical data and expands state-level cybersecurity oversight. Looked ahead, the state intends to propose laws to harden medical-device cybersecurity and data rights for residents.

Dive Deeper:

• Abbott sent a letter to the Texas Health and Human Services Commission, the Department of State Health Services, the Texas Cyber Command, and public university chancellors directing heightened safeguards for cybersecurity and data privacy related to medical devices of Chinese origin.

• Federal notices from the FDA and CISA highlighted vulnerabilities in specific patient monitors, including devices such as the Contec CMS8000 and Epsimed MN-120, which could allow unauthorized remote access and exfiltration of protected health information.

• Under the order, institutions must review procurement policies, catalog network-connected medical devices, and assess cybersecurity protections at state-owned facilities to ensure compliance with Executive Order GA-48.

• The Texas Cyber Command is tasked with evaluating whether certain devices should be added to the state’s prohibited-technology list and recommending further safeguards.

• Agencies must submit their reports and recommendations to the governor by April 17, a process designed to lay groundwork for the next legislative session aimed at shielding Texans’ medical data from foreign adversaries.