Industries · Healthcare

Sensitive medical equipment, opened only — for approved service.

Imaging, lab equipment, and bedside devices keep vendor service paths open between cases. AirGapNet replaces that always-reachable line with a window you approve and that auto-closes when work is done.

Request a pilot See maintenance flow

Healthcare ransomware impact, UHS 2020

$67M

Ryuk ransomware forced 400 hospitals into paper workflows and delayed critical care across the United States. The malware reached clinical systems through always-open service paths.

Source: BleepingComputer

Attack surfaces

Four paths that almost never need to be reachable.

Each one carries a real operational need — and stays open between calls because no one wants to break the part that worked the one day it was needed.

Imaging vendor remote support

MRI, CT, and ultrasound vendors keep a permanent VPN into the imaging subnet for diagnostics. The same path runs 365 days a year, even when no service is scheduled.

Lab analyzer service tunnels

Lab instrument vendors push firmware and calibration over an always-on remote tunnel. Compromise of the vendor's account reaches the laboratory network instantly.

Bedside device updates

Infusion pumps, monitors, and bedside terminals get patches over the clinical LAN. The same patch path stays reachable between updates — to a hostile actor it is a route into clinical care.

EHR / PACS integration paths

EHR and PACS systems exchange records through internal service ports. When one workstation is compromised, lateral movement to those service ports is the typical attack pattern.

How it maps

Real scenarios. Concrete fix.

Pick the scenario closest to your floor. The mapping below is what changes once AirGapNet sits on the service path.

Imaging vendor needs to apply a CT firmware patch on a Saturday night.

AGN1 opens the path to the CT only during the scheduled window. The rest of the week, the device is not electrically reachable from outside the modality network.

Lab analyzer reports calibration drift; vendor wants 20 minutes of remote support.

Open a one-time SMS-triggered window from the lab IT phone. Window auto-closes after 30 minutes. No always-on tunnel.

Hospital is being scanned by a ransomware actor looking for bedside devices.

AGN1 in front of the bedside subnet means the scan returns no reachable services — the path physically does not exist outside scheduled windows.

Recommended setup

AGN2 on the rack. AGN1 per machine.

A typical mid-sized site uses one rack-mount AGN2 for vendor and admin networks, plus per-machine AGN1 units on the lines that matter most.

AGN2

Server room — between clinical subnets and admin/vendor networks

Typical · 1 rack

AGN1

Per-modality — in front of imaging, lab, and bedside subnets

Typical · 4–10 units

AGN1

PACS/EHR integration line — between EHR server and external integrations

Typical · 1–2 units

What changes

After rollout, four things stop being possible.

AirGapNet is a hardware switch, not a policy. The change is measurable from the network side, not just in process documents.

Vendor remote support is scheduled, not permanent
Imaging and lab paths return to a physical break between cases
Bedside device updates are time-boxed at the hardware layer
Audit log on the device captures every window open/close

Go deeper on the Healthcare angle.

Industry

HIPAA and medical devices: what hardware can — and can't — claim

HIPAA does not certify hardware. It asks for outcomes. Where physical isolation contributes to the technical safeguards a hospital already runs — and where the "HIPAA-compliant device" pitch is wrong.

Read article

Field notes

How to retire the always-on vendor VPN

The vendor account that opens one CNC in practice has line-of-sight to the whole subnet. A field guide to replacing the permanent integrator tunnel with a scheduled physical window.

Read article

Field notes

OT maintenance windows: closing is the hard part

Opening a maintenance window is easy. Closing it on time, every time, is the part incidents are made of. The pattern where the close runs on a timer, not on an operator remembering.

Read article

Or read across all of it:How it works Case studies Full blog

Pilot in your hospital

Start with one modality, one ward, one week.

Pick the modality with the largest vendor-access exposure, ship a single AGN1, and run one full maintenance window with your biomedical IT team.

Request a pilot Other industries