FBI warns healthcare organizations to check FTP servers
Hackers are targeting File Transfer Protocol (FTP) servers that are operating in "anonymous" mode within medical and dental organizations, the FBI warns healthcare industry stakeholders.
Criminal actors, according to the bureau, are accessing personal health information and personally identifiable information to intimidate, harass and blackmail business owners. The hackers also can configure FTP servers to give themselves “write” access to store malicious tools or launch cyber attacks.
The FBI notice references research from the University of Michigan that found more than 1 million FTP servers were configured to give hackers anonymous access that could expose data. “The anonymous extension of FTP allows a user to authenticate to the FTP server with a common username such as ‘anonymous’ or ‘ftp’ without submitting a password or by submitting a generic password or email address,” according to the bureau.
Any misconfigured or unsecured server on a network could expose a business to blackmail, identity theft or fraud.
“The FBI recommends medical and dental healthcare entities request their respective IT services personnel to check networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored on the server.” The full FBI warning is available here.