Companies can be risky because of their choices and governance. Modern healthcare requires a lot of technical tools and systems, both big and small. Choices have to be made on what to purchase and use in any operation.
When we started Xillium 11 years ago, we created a policy of limited vendors and another for restricted vendor countries. The latter was in recognition of how a bad-faith state actor can compromise an entire set of companies. Working in tech decades ago, I witnessed the wholesale theft of IP from a state hacking effort. It taught me the risks.
I understand that if a powerful state actor targets an individual or company, there is little that can stop them. The government acronym APT uses the term "persistent," representing a long-term, unrelenting attack that most companies can not repel.
But in a rule-based country, we don't need to purchase equipment to provide them with an open door into our daily work and lives. Consider the source when deciding what to purchase and what systems to use.