Governor Greg Abbott (R) has directed state agencies and public medical institutions to review cybersecurity risks linked to medical equipment manufactured in the People's Republic of China, citing concerns about the potential exposure of sensitive patient data.
Gov. Abbott instructed the Texas Health and Human Services Commission, the Texas Department of State Health Services, and public university systems across the state to examine cybersecurity safeguards and procurement policies related to foreign-manufactured medical devices used in state-owned facilities.
"Maintaining Texans' physical security and protecting their personal privacy, especially personal medical data, is of paramount importance," said Gov. Abbott. "I will not let Communist China spy on Texans. State-owned medical facilities must ensure there are safeguards in place to protect Texans' private medical data and our critical medical infrastructure."
The directive follows warnings issued earlier this year by the Cybersecurity and Infrastructure Security Agency and the U.S. Food and Drug Administration, which identified security vulnerabilities in certain Chinese-manufactured patient monitoring devices. Federal officials said the flaws could potentially allow unauthorized actors to remotely access protected health information.
Abbott said he notices reinforced concerns raised by cybersecurity experts about the increasing presence of Chinese-made smart medical devices within U.S. healthcare systems.
The governor also pointed to several recent state actions aimed at countering perceived threats from the Chinese government. Those steps include expanding the state's prohibited technology list to limit certain foreign technologies in government systems, creating the Texas Cyber Command to strengthen statewide cybersecurity operations, and signing legislation restricting land purchases by foreign adversaries.
State agencies are now expected to evaluate whether additional cybersecurity protections or procurement changes are needed to safeguard patient information and the broader healthcare infrastructure across Texas.
Abbott's directive signals increased scrutiny of foreign-manufactured technology used in Texas medical systems. State agencies will now assess potential cybersecurity vulnerabilities as part of broader efforts to protect sensitive patient data.
