You are here

Cyber Criminals Targeting FTP Servers to Compromise Protected Health Information, FBI Warns

Bad guys exploit servers that allow anonymous access

In a private industry notification, the Federal Bureau of Investigation (FBI) has warned that “criminal actors” are actively targeting file transfer protocol (FTP) servers operating in “anonymous” mode and associated with medical facilities to access protected health information (PHI) and personally identifiable information (PII) in order to intimidate, harass, and blackmail business owners.

According to the notification, research conducted by the University of Michigan in 2015 found that more than one million FTP servers were configured to allow anonymous access, potentially exposing sensitive data stored on the servers. The anonymous extension of FTP allows a user to authenticate to the FTP server with a common username, such as “anonymous” or “ftp,” without submitting a password or by submitting a generic password or email address.

Individuals are making connections to these servers to compromise PHI and PII, according to the FBI. Cyber criminals could also use an FTP server in anonymous mode and configured to allow “write” access to store malicious tools or to launch targeted cyber attacks.

“In general, any misconfigured or unsecured server operating on a business network on which sensitive data are stored or processed exposes the business to data theft and compromise by cyber criminals who can use the data for criminal purposes, such as blackmail, identity theft, or financial fraud,” the notification said.

The FBI recommends that medical facilities request their respective information technology (IT) services personnel to check networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating an FTP server in anonymous mode, administrators should ensure that sensitive PHI or PII is not stored on the server.

Source: FBI; March 22, 2017.

Recent Headlines

Despite older, sicker patients, mortality rate fell by a third in 10 years
Study finds fewer than half of trials followed the law
WHO to meet tomorrow to decide on international public heath emergency declaration
Study of posted prices finds wild variations and missing data
Potential contamination could lead to supply chain disruptions
Acasti reports disappointing results for a second Omega-3-based drug
Declining lung cancer mortality helped fuel the progress
Kinase inhibitor targets tumors with a PDGFRA exon 18 mutation
Delayed surgery reduces benefits; premature surgery raises risks