INFRA
INFRA
INFRA
FBI warns medical and dental providers over anonymous hacks
The Federal Bureau of Investigation has issued a warning to medical and dental providers to be aware that “criminal actors” are actively targeting File Transfer Protocol servers to gain access to private information they can use to intimidate, harass and blackmail business owners.
According to the agency, attackers are particularly targeting FTP servers operating in “anonymous” mode, a mode that allows a user to authenticate to the FTP server with a common username such as “anonymous” or “ftp” without submitting a password or by submitting a generic password or e-mail address.
“The FBI recommends medical and dental healthcare entities request their respective IT services personnel to check networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive [personal data] is not stored on the server.”
The targeting of healthcare providers for personal information has become epidemic, according to some, because unlike bank account details, data from the healthcare industry, which includes both personal identities and medical histories, can’t be changed. According to Brookings, since 2009 the medical information of more than 155 million Americans has been exposed in more than 1,500 breaches.
How widespread these attacks are is not made clear. The FBI only cited a University of Michigan study from 2015 titled, “FTP: The Forgotten Cloud,” that claims that more than 1 million FTP servers online were configured to allow anonymous access, potentially exposing sensitive data stored on those servers.
With the anonymous access, hackers are able to store malicious tools or launch cyber attacks to gain the personal data they are after. CloudPassage Chief Technology Officer and co-founder Carson Sweet explained to Dark Reading that cyber criminals can add data to a fraudster database or sell it on the dark web. They can also potentially use the data for blackmail, leveraging records with information patients wouldn’t want made public.
“In general, any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cyber criminals who can use the data for criminal purposes such as blackmail, identity theft, or financial fraud,” the FBI added.
Image: Pixabay
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
