You walk into a hospital expecting the machines keeping you alive to be on your side. The beeping monitors, the infusion pumps dripping medication into your veins, the pacemaker ticking away in your chest — all of it working for you. At least, that’s the deal. But what if the equipment watching over your grandmother’s heart rate was also phoning home to Beijing?
The Backdoor Nobody Asked For
Back in January 2025, the FDA and the Cybersecurity and Infrastructure Security Agency dropped a warning that should’ve had every hospital administrator in America reaching for the Tums. Patient monitors made by Contec Medical Systems — a Chinese outfit based in Qinhuangdao — had a hidden backdoor baked right into the hardware. These monitors, sitting in hospitals coast to coast, were quietly shipping sensitive patient data to a hard-coded IP address in China.
Let that marinate. Your blood pressure, your oxygen levels, your heart rhythm — all of it, gift-wrapped and FedExed to a server under CCP jurisdiction.
And here’s where it gets stupid. The backdoor didn’t just leak data. It allowed remote code execution. Meaning some operative sitting in a government building in Qinhuangdao could theoretically manipulate what the monitor displays. Show a nurse the wrong vitals. Trigger a bad call. In a hospital. On a real patient.
There’s no patch. No software update. The FDA basically said “good luck.” For Beijing, this wasn’t a glitch — it was the whole point.
China’s Law Says It All
China’s 2017 National Intelligence Law is the part of this story people keep forgetting. That law requires — not asks, requires — every Chinese company to cooperate with state intelligence operations the moment Beijing snaps its fingers. Contec doesn’t get to say no. Neither does any other CCP-linked tech company selling devices into American hospitals. When the Party says “open the door,” the door opens. Period.
Trump spotted this problem before most of Washington could even spell “supply chain vulnerability.” In September 2025, his administration launched a Section 232 national security investigation into medical equipment imports. Investigators found CCP-linked devices embedded not just in hospitals but in U.S. government-funded research labs. Trump didn’t tiptoe around this — he brought a bulldozer to a problem the bureaucrats had been stepping over for years.
Texas Said “Enough”
But while Congress did what Congress does best — absolutely nothing — Texas got to work. Governor Greg Abbott banned CCP-affiliated technologies from state government systems and signed legislation creating the Texas Cyber Command to actively hunt foreign threats. Late last year, he expanded the state’s prohibited technology list to include 26 more China-linked companies. Attorney General Ken Paxton started filing lawsuits against these firms like a man on a mission.
Now the Texas Public Policy Foundation — where the article’s authors Chuck DeVore and Dr. Clifford Porter work — has sent a letter to state leaders cosigned by 53 members of the legislature. The ask is straightforward: direct state health agencies to bar CCP-linked medical devices from procurement, audit existing contracts for vulnerabilities, and create incentives for American-made equipment.
As they put it:
“No Texas patient should have their medical data transmitted to a server in China, or potentially their medical care disrupted or held hostage by the CCP. No Texas hospital should remain one firmware update away from undetected interference.”
DeVore — a retired Army lieutenant colonel and former California legislator — and Porter — a retired Army colonel and physician — aren’t academics guessing at threats from a faculty lounge. They’ve spent careers studying exactly these kinds of national security weak points.
The Rest of America Is Watching
Here’s where this story is headed. Texas will pass these procurement standards. Other red states will follow — Florida, Ohio, maybe Georgia. Blue states will drag their feet because admitting China is a threat apparently violates some unwritten progressive bylaw. Congress will eventually catch up, roughly three years after it mattered, and claim credit for the whole thing.
Meanwhile, the real question hangs in the air like a flatlined EKG: how many other Chinese-made devices are sitting in American hospitals right now, quietly doing exactly what Beijing designed them to do?
We survived COVID’s supply chain disaster by the skin of our teeth. The next crisis won’t be a shortage of masks. It’ll be a firmware update that turns a hospital’s monitoring system into a hostage situation — and by then, “we should’ve acted sooner” won’t save a single patient.
Texas isn’t waiting for that lesson the hard way. Smart money says you shouldn’t either.