The Federal Bureau of Investigation FBI issued a warning that cyber criminals are actively targeting File Transfer Protocol (FTP) servers operating in “anonymous” mode and associated with medical and dental facilities to access protected health information (PHI).
The federal agency said in a release that cyber criminals are targeting FTP servers to access PHI as well as personally identifiable information (PII) in order to “intimate, harass and blackmail business owners.”
According to the FBI, research conducted by the University of Michigan in 2015 titled, “FTP: The Forgotten Cloud,” indicated over 1 million FTP servers were configured to allow anonymous access, potentially exposing sensitive data stored on the servers. The anonymous extension of FTP allows a user to authenticate to the FTP server with a common username such as “anonymous” or “ftp” without submitting a password or by submitting a generic password or e-mail address, the FBI stated.
“While computer security researchers are actively seeking FTP servers in anonymous mode to conduct legitimate research, other individuals are making connections to these servers to compromise PHI and PII for the purposes of intimidating, harassing, and blackmailing business owners,” the FBI stated in the release.
The FBI provides the following specific guidance, which Covered Entities and Business Associates should heed:
The FBI recommends medical and dental healthcare entities request their respective IT services personnel to check networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive PHI [Protected Health Information] or PII [Personally Identifiable Information] is not stored on the server.
Coupled with recent advice from FBI Director James B. Comey on ransomware, which we blogged about here, this latest guidance from the FBI demonstrates the seriousness the potential cybersecurity threats facing healthcare entities.