The Federal Bureau of Investigation has issued a warning to medical and dental providers to be aware that “criminal actors” are actively targeting File Transfer Protocol servers to gain access to private information they can use to intimidate, harass and blackmail business owners.

According to the agency, attackers are particularly targeting FTP servers operating in “anonymous” mode, a mode that allows a user to authenticate to the FTP server with a common username such as “anonymous” or “ftp” without submitting a password or by submitting a generic password or e-mail address.

“The FBI recommends medical and dental healthcare entities request their respective IT services personnel to check networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive [personal data] is not stored on the server.”

The targeting of healthcare providers for personal information has become epidemic, according to some, because unlike bank account details, data from the healthcare industry, which includes both personal identities and medical histories, can’t be changed. According to Brookings, since 2009 the medical information of more than 155 million Americans has been exposed in more than 1,500 breaches.

How widespread these attacks are is not made clear. The FBI only cited a University of Michigan study from 2015 titled, “FTP: The Forgotten Cloud,” that claims that more than 1 million FTP servers online were configured to allow anonymous access, potentially exposing sensitive data stored on those servers.

With the anonymous access, hackers are able to store malicious tools or launch cyber attacks to gain the personal data they are after. CloudPassage Chief Technology Officer and co-founder Carson Sweet explained to Dark Reading that cyber criminals can add data to a fraudster database or sell it on the dark web. They can also potentially use the data for blackmail, leveraging records with information patients wouldn’t want made public.

“In general, any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cyber criminals who can use the data for criminal purposes such as blackmail, identity theft, or financial fraud,” the FBI added.

Image: Pixabay