The FBI is warning the healthcare sector of a new cyber threat. In a Notification issued last week, the FBI said that it is “aware of criminal actors who are actively targeting” protected healthcare information (“PHI”) and other personally identifiable information (“PII”) from medical facilities “to intimidate, harass, and blackmail business owners.”
The warning concerns File Transfer Protocol (“FTP”) servers operating in “anonymous” mode. FTP servers are routinely used to transfer information between hosts. But when an FTP server is configured to allow anonymous access – “potentially exposing sensitive data stored on servers” – a user can often authenticate to the FTP server with a common username like “anonymous.” A University of Michigan study found that more than 1 million FTP servers are configured to allow anonymous access.
According to the FBI Notification, hackers can use an FTP server in anonymous mode to steal information or to launch a targeted cyber-attack. The FBI recommends that healthcare facilities consult with their IT personnel to “check networks for FTP servers running in anonymous mode [and] [i]f businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored on the server.”
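The check the FBI recommends, auditing your own network for FTP servers that accept anonymous logins and noting whether they hold any files, can be scripted with nothing more than Python's standard library. The following is an added example written for this page, not code from the FBI notification or the article; the host names in `SAMPLE_HOSTS` are constructed placeholders, the `_FakeFTP` classes are constructed stand-ins so the audit can be run offline, and the e-mail-style password is the conventional courtesy value anonymous servers ask for.

```python
"""Audit FTP servers on your own network for anonymous-mode logins.

Added example (not from the FBI notification or the article). Standard
library only. Replace SAMPLE_HOSTS with servers you administer.
"""
import ftplib
import socket
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Usernames an anonymous-mode server conventionally accepts.
ANONYMOUS_USERS = ("anonymous", "ftp")

# Constructed placeholder hosts; these do not resolve.
SAMPLE_HOSTS: List[Tuple[str, int]] = [("ftp1.example.invalid", 21),
                                       ("ftp2.example.invalid", 21)]


@dataclass
class AuditResult:
    host: str
    port: int
    reachable: bool
    anonymous_login: bool
    file_count: Optional[int]  # entries in the root directory, if it could be listed
    detail: str


def check_anonymous(host: str, port: int = 21, timeout: float = 5.0,
                    ftp_factory: Callable[[], ftplib.FTP] = ftplib.FTP) -> AuditResult:
    """Connect to one server and try the common anonymous usernames.

    ftp_factory exists so the logic can be exercised offline with a fake;
    in real use the default ftplib.FTP is what you want.
    """
    ftp = ftp_factory()
    try:
        ftp.connect(host, port, timeout=timeout)
    except (OSError, socket.timeout, ftplib.Error) as exc:
        return AuditResult(host, port, False, False, None, f"unreachable: {exc}")
    try:
        for user in ANONYMOUS_USERS:
            try:
                ftp.login(user=user, passwd="audit@example.invalid")
            except ftplib.error_perm:
                continue  # this username was refused; try the next one
            # Login accepted: the server is in anonymous mode. Count what is exposed.
            try:
                entries = ftp.nlst()
            except ftplib.Error:
                entries = None
            return AuditResult(host, port, True, True,
                               None if entries is None else len(entries),
                               f"anonymous login accepted as '{user}'")
        return AuditResult(host, port, True, False, None, "anonymous login refused")
    except (OSError, ftplib.Error) as exc:
        return AuditResult(host, port, True, False, None, f"error: {exc}")
    finally:
        try:
            ftp.quit()
        except (OSError, ftplib.Error):
            ftp.close()


def audit_hosts(hosts: List[Tuple[str, int]],
                ftp_factory: Callable[[], ftplib.FTP] = ftplib.FTP) -> List[AuditResult]:
    return [check_anonymous(h, p, ftp_factory=ftp_factory) for h, p in hosts]


def findings(results: List[AuditResult]) -> List[str]:
    """Hosts that accepted an anonymous login and therefore need review."""
    return [r.host for r in results if r.anonymous_login]


class _FakeFTP:
    """Constructed stand-in for ftplib.FTP: a server left in anonymous mode."""
    accept_anonymous = True
    listing = ["patients_export.csv", "backup.zip"]  # constructed sample listing

    def connect(self, host, port=21, timeout=None): return "220 fake server"
    def login(self, user="", passwd="", acct=""):
        if self.accept_anonymous and user in ANONYMOUS_USERS:
            return "230 Login successful"
        raise ftplib.error_perm("530 Login incorrect")
    def nlst(self, *args): return list(self.listing)
    def quit(self): return "221 Goodbye"
    def close(self): pass


class _FakeLockedFTP(_FakeFTP):
    """Constructed stand-in: same server with anonymous access disabled."""
    accept_anonymous = False


if __name__ == "__main__":
    import sys
    # With host names on the command line the real ftplib client is used;
    # with none, the constructed fakes demonstrate both outcomes offline.
    if len(sys.argv) > 1:
        results = audit_hosts([(h, 21) for h in sys.argv[1:]])
    else:
        results = (audit_hosts(SAMPLE_HOSTS[:1], ftp_factory=_FakeFTP)
                   + audit_hosts(SAMPLE_HOSTS[1:], ftp_factory=_FakeLockedFTP))
    for r in results:
        status = "ANONYMOUS" if r.anonymous_login else ("closed" if r.reachable else "down")
        print(f"{r.host}:{r.port}  {status:9}  files={r.file_count}  {r.detail}")
    print("needs review:", findings(results))
```

Run it as `python audit_ftp.py host1 host2 ...` against servers you administer; a host reported as `ANONYMOUS` with a non-zero file count is exactly the case the notification describes, and the next step is either to disable anonymous access or to confirm that nothing containing PHI or PII is stored there.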