The FBI in a private industry notification warned health care providers that cybercriminals are actively targeting File Transfer Protocol (FTP) servers “operating in ‘anonymous’ mode and associated with medical and dental facilities to access protected health information (PHI) and personally identifiable information (PII) in order to intimidate, harass and blackmail business owners.”
The notification, issued March 22, cites research from 2015 indicating that more than 1 million FTP servers were configured to allow anonymous access. This anonymous extension lets a user “authenticate to the FTP server” with a common username and either bypass submitting a password or submitting a generic one.
In addition to purposes of intimidation, harassment and blackmail, cybercriminals can access some servers to store malicious tools and launch targeted cyberattacks. “In general, any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cybercriminals who can use the data for criminal purposes such as blackmail, identity theft or financial fraud,” the notice states.
The FBI recommends that dental and medical health care entities ask their information technology personnel to check networks for FTP servers running in anonymous mode and ensure that “sensitive PHI or PII is not stored on the server.”
Health care providers can contact their local FBI field office with questions concerning the notice.