Controlling and Protecting the HDO’s Network Airspace with AirEye
Achieve full visibility, control and immediate protection of your network airspace while ensuring compliance with HIPAA
How well do you know your HDO network airspace?
Gartner® Recognizes AirEye Technologies as a Sample Vendor in
2022 Market Guide for Medical Device Security Solutions.
1
With AirEye, HDOs build and enforce their wireless security policy.
This ensures that HDO’s staff, medical, IoT or IT devices do not connect to available networks such as Guest or a random hotspot, potentially leaking sensitive data and violating security regulations and standards.
2
Through its protection mechanism, AirEye ensures that any wireless device in the HDO’s campus does not expose the HDO’s private wired and wireless networks to unauthorized network access, device hijacking, ransomware and other malware, segmentation hopping as well as data leakage. This also includes protection for the HDO’s wireless medical devices that connect to, generate, and/or open their own Wi-Fi networks or Peer to Peer connections.
3
Unlike WIDS/ WIPS, network security or medical device security solutions, AirEye looks at the complete HDO’s airspace, including nonowned wireless devices (such as security cameras, smartphones and IoT devices) and identifies legitimate connections versus those that do not comply with the security policy and protects the HDO’s managed and unmanaged devices from unauthorized connections.
Receive visibility into your network airspace and automatically enforce your wireless security policy
AirEye Dome enables you to understand the risk posed by your network airspace and allows you to enforce your airspace security policy – ensuring that your devices communicate only on authorized networks and unauthorized devices do not connect to your networks.
Common airspace policy violations at HDOs:
-
The operator of an MRI manually connects to the Guest network to send patient data back to the EMR system
-
Patient connects its laptop to the wireless network that is generated by the portable X-ray which is used to communicate with the X-rays corresponding plates
-
The printer in the oncology department is connected to the corporate network but the receptionist turned on also its wireless capability
-
A physician’s tablet connects to an the cafeteria’s network while taking notes on a patient
Immediately prevent cyber attacks such as ransomware that leverage wireless-capable devices
AirEye Dome provides you with continuous protection of the campus airspace. AirEye Dome monitors the airspace and precisely terminates malicious connections to and from wireless-capable devices, eliminating the threat of the wireless entry points, without any impact on legitimate traffic and connections.
Example of over-the-air attacks at HDOs:
-
Ransomware introduced to a patient healthcare monitoring platform due to a sensor’s connection to a rogue AP
-
Ransomware interjected to the MRI through its wireless capability, exploiting a vulnerability on the MRI device to run remote code execution and render the MRI useless
-
Malware on the physician’s laptop milking out PII information from the EHR system and exfiltrating that data due to the laptop connected to a rogue AP
-
FragAttacks, a software-only remotebased class of attacks where the attacker directly interacts with a medical device behind the firewall, and gains full access to the corporate network without leaving any log traces
Ensure adherence to HIPAA
AirEye Dome prevents PII data leakage through non-authorized wireless networks, thus helping to comply with the HIPAA regulation.
Common airspace-related HIPAA violations:
-
A medical device technician sends patient examination results on the Guest network making them available to each visitor in the campus
-
The physician’s laptop connects to the cafeteria’s open Wi-Fi while also connected to the wired network, exposing all patient documents to every cafeteria network user
-
Administrator resets the printer’s wireless network to the Guest network and connects and prints patients files
Enforce air-gapped and network segmentation solutions
AirEye Dome enforces your airgapped and network segmentation policy by preventing over-the-air hopping between wireless networks.
Examples of over-the-air attacks that defeat network segmentation at HDOs:
-
An attacker takes control of an unpatched wireless ultrasound device in the radiology network, and propagates to the cardiology network via a dual-connected printer residing on the cardiology’s network
-
An attacker takes control of a physician’s laptop in the orthopedics network and uses the Wi-Fi interface to propagate to a Point of Sale device (POS) through its open hotspot and from there into the pharmacy network.