FBI warns medical and dental providers over anonymous hacks
The Federal Bureau of Investigation has issued a warning to medical and dental providers to be aware that “criminal actors” are actively targeting File Transfer Protocol servers to gain access to private information they can use to intimidate, harass and blackmail business owners.
According to the agency, attackers are particularly targeting FTP servers operating in “anonymous” mode, a mode that allows a user to authenticate to the FTP server with a common username such as “anonymous” or “ftp” without submitting a password or by submitting a generic password or e-mail address.
“The FBI recommends medical and dental healthcare entities request their respective IT services personnel to check networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive [personal data] is not stored on the server.”
The targeting of healthcare providers for personal information has become epidemic, according to some, because unlike bank account details, data from the healthcare industry, which includes both personal identities and medical histories, can’t be changed. According to Brookings, since 2009 the medical information of more than 155 million Americans has been exposed in more than 1,500 breaches.
How widespread these attacks are is not made clear. The FBI only cited a University of Michigan study from 2015 titled, “FTP: The Forgotten Cloud,” that claims that more than 1 million FTP servers online were configured to allow anonymous access, potentially exposing sensitive data stored on those servers.
With the anonymous access, hackers are able to store malicious tools or launch cyber attacks to gain the personal data they are after. CloudPassage Chief Technology Officer and co-founder Carson Sweet explained to Dark Reading that cyber criminals can add data to a fraudster database or sell it on the dark web. They can also potentially use the data for blackmail, leveraging records with information patients wouldn’t want made public.
“In general, any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cyber criminals who can use the data for criminal purposes such as blackmail, identity theft, or financial fraud,” the FBI added.
Image: Pixabay
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU