The Federal Bureau of Investigation has issued a warning to the healthcare industry: Cyber-criminals are actively targeting protected health information.
In a notification issued March 22, the FBI said it is aware of criminal actors who are actively targeting File Transfer Protocol (FTP) servers—a protocol widely used to transfer data between network hosts—operating in “anonymous” mode and associated with medical and dental facilities to access protected health information (PHI) and personally identifiable information (PII) to intimidate, harass, and blackmail business owners.
Research conducted by the University of Michigan in 2015, “FTP: The Forgotten Cloud,” indicated that 1.1 million FTP servers were configured to allow anonymous access, potentially exposing sensitive data stored on the servers. The anonymous extension of FTP allows a user to authenticate to the FTP server with a common username such as “anonymous” or “ftp” without submitting a password or by submitting a generic password or e-mail address.
The FBI recommends that medical and dental healthcare entities request their respective IT services personnel to check networks for FTP servers running in anonymous mode. If companies have a legitimate use for operating an FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored on the server.
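The check the FBI recommends, verifying whether your own FTP servers accept an anonymous login, can be automated with the standard-library `ftplib` client. The script below is an added example and is not code from the FBI notification or the University of Michigan study; the host list and the `guest@example.com` password are assumed placeholders, and the reply-code interpretation follows the standard FTP codes (230 logged in, 331 password required, 530 not logged in). `interpret_replies()` is separated from the network call so the decision logic can be exercised without a live server.

```python
"""Audit FTP servers on your own network for anonymous-mode logins.

Added example for an internal inventory check; hosts and password are assumptions.
"""
import ftplib

ANON_USERS = ("anonymous", "ftp")     # usernames the anonymous extension accepts
ANON_PASS = "guest@example.com"       # conventional e-mail-style "password" (assumed placeholder)


def interpret_replies(user_reply, pass_reply=None):
    """Classify an anonymous login attempt from the server's reply strings.

    Standard FTP reply codes: 230 = logged in, 331 = password required,
    5xx = refused. Returns one of 'anonymous-no-password', 'anonymous',
    'refused', or 'unknown' (331 seen but no PASS reply supplied).
    """
    if user_reply.startswith("230"):
        return "anonymous-no-password"
    if user_reply.startswith("331"):
        if pass_reply is None:
            return "unknown"
        return "anonymous" if pass_reply.startswith("230") else "refused"
    return "refused"


def check_anonymous_ftp(host, port=21, timeout=5.0):
    """Connect to one server and report whether anonymous login succeeds."""
    result = {"host": host, "port": port, "status": "unreachable", "banner": ""}
    ftp = ftplib.FTP()
    try:
        result["banner"] = ftp.connect(host, port, timeout=timeout)
        for user in ANON_USERS:
            # sendcmd raises error_perm on 5xx; the exception text is the reply
            try:
                user_reply = ftp.sendcmd("USER " + user)
            except ftplib.error_perm as exc:
                user_reply = str(exc)
            pass_reply = None
            if user_reply.startswith("331"):
                try:
                    pass_reply = ftp.sendcmd("PASS " + ANON_PASS)
                except ftplib.error_perm as exc:
                    pass_reply = str(exc)
            status = interpret_replies(user_reply, pass_reply)
            result["status"] = status
            if status != "refused":
                result["user"] = user      # record which username was accepted
                break
    except ftplib.all_errors as exc:       # includes OSError (timeouts, refused connections)
        result["error"] = str(exc)
    finally:
        ftp.close()                        # safe even if connect() never succeeded
    return result


def flag_anonymous_servers(results):
    """Return only the hosts that need remediation (anonymous login accepted)."""
    return [r for r in results if r["status"].startswith("anonymous")]


if __name__ == "__main__":
    # Assumed inventory of internal servers to audit; replace with your own list.
    hosts = ["ftp.internal.example", "imaging-archive.internal.example"]
    findings = [check_anonymous_ftp(h) for h in hosts]
    for f in flag_anonymous_servers(findings):
        print(f"{f['host']}:{f['port']} accepts anonymous login as "
              f"'{f['user']}' ({f['status']}) - banner: {f['banner']!r}")
```

Run it against an inventory of hosts you are responsible for; any server reported as `anonymous` or `anonymous-no-password` should either have anonymous mode disabled or be verified to hold no PHI or PII, as the notification advises. A `refused` result with a `331` followed by `530` is the expected outcome for a server that requires real credentials.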
The FBI encourages recipients to report information concerning suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch). Field office contacts can be identified at www.fbi.gov/contact-us/field.