The Federal Bureau of Investigation (FBI) Cyber Division has issued an alert to warn healthcare industry regarding malicious actors who are actively targeting File Transfer Protocol (FTP) servers which allow anonymous access.
According to law enforcement agency, these attackers have targeted FTP servers of medical and dental facilities to obtain access to protected health information and personally identifiable information (PII), and use it to intimidate, blackmail and harass business owners.
“FBI recommends the medical and dental healthcare entities to request their respective IT services personnel and check networks for the FTP servers. If the businesses have any legitimate use for operating FTP server in the anonymous mode, administrators must ensure sensitive PHI or PII is not stored on these servers,” FBI said.
The agency cited the research conducted back in 2015 by University of Michigan, which has shown that more than one million of FTP servers are configured for the anonymous access. All these servers allow users to authenticate with only a username, like “anonymous” or “ftp,” and either a generic password or no password at all.
“In general, any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cybercriminals who can use the data for criminal purposes such as blackmail, identity theft, or financial fraud,” the FBI warned.
In 2015, IBM named healthcare as the most attacked industry, with more than 100 million records compromised, after in the previous year this sector did not even make it to the top five. An IBM report for 2016 showed that the volume of compromised records was smaller, but the number of data breaches increased, causing operational, reputational and financial damage to healthcare organisations.
A report published recently by Fortinet showed the top threats targeting healthcare companies in the last quarter of 2016, including ransomware, malware, exploit kits, IPS events and botnets.