Chinese health care devices raise cybersecurity alarms in U.S. hospitals

By HPN Staff

Federal regulators are warning that certain Chinese-made health care devices in the U.S. could pose cybersecurity risks to hospitals and patients. The Food and Drug Administration and the Cybersecurity and Infrastructure Security Agency have flagged vulnerabilities in medical equipment that could allow unauthorized actors to access sensitive systems.

A particular concern is the Contec CMS800, a widely used patient monitor manufactured in Qinhuangdao, China, that tracks vital signs. Federal officials identified “anomalous network traffic” from some units sending data to a Chinese IP address not linked to the manufacturer or the hospitals using the devices.

“These cybersecurity vulnerabilities can allow unauthorized actors to bypass cybersecurity controls, gaining access to and potentially manipulating the device,” the FDA said in a safety alert last year. Officials warn that tampering could lead to health care staff administering unnecessary treatments, potentially putting patients at risk.

“Imagine a patient monitor that stops alerting doctors to a drop in a patient’s heart rate or sends incorrect readings, leading to a delayed or wrong diagnosis,” Aras Nazarovas, an information security researcher at Cybernews told CNBC. The FDA said it is not aware of any injuries or deaths linked to these cyber vulnerabilities so far.

Why it matters

Hospitals are taking the warnings seriously. The American Hospital Association has put the issue “at the top of the list for the potential for patient harm; we have to patch before they hack,” John Riggi, the AHA’s national advisor for cybersecurity and risk also told CNBC. Riggi estimates that several thousand of the monitors could be in use across the country though the exact number is difficult to determine because of the “sheer volume of equipment in hospitals.”

In the meantime, the AHA has urged member hospitals to disconnect affected devices from the internet and review cybersecurity protocols. The issue underscores how even common low-cost equipment from overseas can introduce serious security risks into U.S. health care systems.

The bigger picture

The Contec monitor is one example of a broader cybersecurity challenge facing health care. As hospitals and other providers adopt more networked technologies, the U.S. health care system faces what experts have described as “constant” cyberattacks, with ransomware and other threats multiplying over the past decade and disrupting operations, data systems and patient care across organizations of all sizes. Hospitals purchasing lower-cost equipment from China may unintentionally expose patient data to malicious actors, and experts note that these risks mirror earlier warnings about apps such as TikTok, reflecting wider national security concerns.

Some states are beginning to respond. Texas banned Chinese Communist Party-affiliated technologies from state government systems and in June 2025 created the Texas Cyber Command to detect and eliminate foreign cyber threats. Dr. Clifford Porter, a senior fellow in health care policy at the Texas Public Policy Foundation and retired U.S. Army colonel, wrote in a Fox News opinion piece that the move reflects growing awareness of foreign influence on essential American systems.

As hospitals balance cost with patient needs and the adoption of advanced technologies to improve efficiency, experts say securing connected medical devices will remain a critical priority for protecting patients and health care systems.