Attackers Targeting FTP Servers to Access Patient Health Data, Warns FBI

The FBI issued an alert to the healthcare industry warning of criminal actors actively targeting anonymous File Transfer Protocol (FTP) servers to access protected health information (PHI) and personally identifiable information (PII). According to the FBI’s Cyber Division, attackers are compromising such information from medical and dental entities in order to intimidate, harass and blackmail business owners. Citing research from the University of Michigan conducted in 2015, the alert said more than 1 million FTP servers were configured to operate in “anonymous” mode, potentially exposing sensitive data stored on the servers. “The anonymous extension of FTP allows a user to authenticate to the FTP server with a common username such as ‘anonymous’ or ‘ftp’ without submitting a password or by submitting a generic password or e-mail address,” explained the alert.

“In general, any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cyber criminals who can use the data for criminal purposes such as blackmail, identity theft, or financial fraud,” warned the FBI.

The agency urges medical and dental healthcare entities to request their respective IT services personnel to check networks for FTP servers running in anonymous mode. “If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored in the server,” the alert added. A recent report by the Identity Theft Resource Center (ITRC) and CyberScout revealed that U.S. data breaches in healthcare hit an all-time record high of 1,093 in 2016. The ITRC Data Breach Report 2016 also found that the healthcare industry exposed the most Social Security Numbers compared to all other industries, as well as the most records exposed due to employee error or negligence.