Hackers are targeting File Transfer Protocol (FTP) servers that are operating in "anonymous" mode within medical and dental organizations, the FBI warns healthcare industry stakeholders.
Criminal actors, according to the bureau, are accessing personal health information and personally identifiable information to intimidate, harass and blackmail business owners. The hackers also can configure FTP servers to give themselves “write” access to store malicious tools or launch cyber attacks.
The FBI notice references research from the University of Michigan that found more than 1 million FTP servers were configured to give hackers anonymous access that could expose data. “The anonymous extension of FTP allows a user to authenticate to the FTP server with a common username such as ‘anonymous’ or ‘ftp’ without submitting a password or by submitting a generic password or email address,” according to the bureau.
Any misconfigured or unsecured server on a network could expose a business to blackmail, identity theft or fraud.
“The FBI recommends medical and dental healthcare entities request their respective IT services personnel to check networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored on the server.” The full FBI warning is available here.
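One way IT staff could carry out the check the FBI recommends, shown as an added example that is not part of the FBI notice or the original article: a small audit of a server's FTP configuration for anonymous login and anonymous write access. It assumes the server runs vsftpd (the article names no FTP product), uses the upstream vsftpd.conf defaults for missing directives, and runs on constructed sample configs.

```python
# Added example: audit vsftpd.conf text for anonymous-mode exposure.
# Assumption: defaults below are the upstream vsftpd.conf(5) values;
# distribution builds may ship different compiled-in defaults.
UPSTREAM_DEFAULTS = {
    "anonymous_enable": "YES",
    "no_anon_password": "NO",
    "write_enable": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO",
}
ANON_WRITE_OPTS = ("anon_upload_enable", "anon_mkdir_write_enable",
                   "anon_other_write_enable")

def parse_vsftpd(text):
    """Return effective settings: upstream defaults overridden by the file."""
    settings = dict(UPSTREAM_DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings

def audit(text):
    """Return finding codes for the anonymous-mode risks in the article."""
    s = parse_vsftpd(text)
    on = lambda k: s.get(k, "NO").upper() in ("YES", "TRUE", "1")
    if not on("anonymous_enable"):
        return []
    findings = ["anonymous-login"]  # 'anonymous' and 'ftp' users accepted
    if on("no_anon_password"):
        findings.append("no-password-prompt")
    # Anonymous write options only take effect when write_enable is on.
    if on("write_enable"):
        findings += ["anonymous-write:" + k for k in ANON_WRITE_OPTS if on(k)]
    return findings

# Constructed sample configurations (not taken from any real server).
SAMPLE_EXPOSED = """# constructed sample
listen=YES
anonymous_enable=YES
no_anon_password=YES
write_enable=YES
anon_upload_enable=YES
"""
SAMPLE_LOCKED = "anonymous_enable=NO\nlocal_enable=YES\nwrite_enable=YES\n"
SAMPLE_IMPLICIT = "listen=YES\nanon_upload_enable=YES\n"  # relies on defaults
```

An empty result means anonymous mode is off; any finding on a host that holds PHI or PII is the condition the notice warns about.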