Controlling and Protecting the HDO’s Network Airspace with AirEye
Achieve full visibility, control and immediate protection of your network airspace while ensuring compliance with HIPAA
With AirEye, HDOs build and enforce their wireless security policy.
This ensures that HDO’s staff, medical, IoT or IT devices do not connect to available networks such as Guest or a random hotspot, potentially leaking sensitive data and violating security regulations and standards.
Through its protection mechanism, AirEye ensures that any wireless device in the HDO’s campus does not expose the HDO’s private wired and wireless networks to unauthorized network access, device hijacking, ransomware and other malware, segmentation hopping as well as data leakage. This also includes protection for the HDO’s wireless medical devices that connect to, generate, and/or open their own Wi-Fi networks or Peer to Peer connections.
Unlike WIDS/ WIPS, network security or medical device security solutions, AirEye looks at the complete HDO’s airspace, including nonowned wireless devices (such as security cameras, smartphones and IoT devices) and identifies legitimate connections versus those that do not comply with the security policy and protects the HDO’s managed and unmanaged devices from unauthorized connections.
AirEye Dome enables you to understand the risk posed by your network airspace and allows you to enforce your airspace security policy – ensuring that your devices communicate only on authorized networks and unauthorized devices do not connect to your networks.
The operator of an MRI manually connects to the Guest network to send patient data back to the EMR system
Patient connects its laptop to the wireless network that is generated by the portable X-ray which is used to communicate with the X-rays corresponding plates
The printer in the oncology department is connected to the corporate network but the receptionist turned on also its wireless capability
A physician’s tablet connects to an the cafeteria’s network while taking notes on a patient
AirEye Dome provides you with continuous protection of the campus airspace. AirEye Dome monitors the airspace and precisely terminates malicious connections to and from wireless-capable devices, eliminating the threat of the wireless entry points, without any impact on legitimate traffic and connections.
Ransomware introduced to a patient healthcare monitoring platform due to a sensor’s connection to a rogue AP
Ransomware interjected to the MRI through its wireless capability, exploiting a vulnerability on the MRI device to run remote code execution and render the MRI useless
Malware on the physician’s laptop milking out PII information from the EHR system and exfiltrating that data due to the laptop connected to a rogue AP
FragAttacks, a software-only remotebased class of attacks where the attacker directly interacts with a medical device behind the firewall, and gains full access to the corporate network without leaving any log traces
AirEye Dome prevents PII data leakage through non-authorized wireless networks, thus helping to comply with the HIPAA regulation.
A medical device technician sends patient examination results on the Guest network making them available to each visitor in the campus
The physician’s laptop connects to the cafeteria’s open Wi-Fi while also connected to the wired network, exposing all patient documents to every cafeteria network user
Administrator resets the printer’s wireless network to the Guest network and connects and prints patients files
AirEye Dome enforces your airgapped and network segmentation policy by preventing hopping from wireless to wired networks and preventing hopping from wired to wired networks over the air.
An attacker takes control of an unpatched wireless ultrasound device in the radiology network, and propagates to the cardiology network via a dual-connected printer residing on the cardiology’s network
An attacker takes control of a physician’s laptop in the orthopedics network and uses the Wi-Fi interface to propagate to a Point of Sale device (POS) through its open hotspot and from there into the pharmacy network.