FBI Notification: Cyber Criminals Targeting FTP Servers to Compromise PHI
The Federal Bureau of Investigation issued a warning that cyber criminals are actively targeting File Transfer Protocol (FTP) servers operating in “anonymous” mode and associated with medical and dental facilities to access protected health information (PHI).
The agency said in a release that cyber criminals are targeting FTP servers to access PHI as well as personally identifiable information (PII) in order to “intimate, harass and blackmail business owners.”
According to the FBI, research conducted by the University of Michigan in 2015 titled, “FTP: The Forgotten Cloud,” indicated over 1 million FTP servers were configured to allow anonymous access, potentially exposing sensitive data stored on the servers. The anonymous extension of FTP allows a user to authenticate to the FTP server with a common username such as “anonymous” or “ftp” without submitting a password or by submitting a generic password or e-mail address, the FBI stated.
“While computer security researchers are actively seeking FTP servers in anonymous mode to conduct legitimate research, other individuals are making connections to these servers to compromise PHI and PII for the purposes of intimidating, harassing, and blackmailing business owners,” the FBI stated in the release.
Cyber criminals could also use an FTP server in anonymous mode and configured to allow “write” access to store malicious tools or launch targeted cyber attacks. In general, any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cyber criminals who can use the data for criminal purposes such as blackmail, identity theft or financial fraud, the FBI stated.
The agency recommends medical and dental healthcare organizations request their respective IT services personnel to check networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored on the server, the agency advised.
The FBI encourages organizations to report information concerning suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch). Field office contacts can be identified at www.fbi.gov/contact-us/field. CyWatch can be contacted by phone at 855-292-3937 or by e-mail at [email protected].