FBI Issues Cyber Warning Regarding Use of FTPs by the Healthcare Industry

Protected health information (PHI) is targeted by hackers. Recently, the Cyber Division of the Federal Bureau of Investigation issued a Private Industry Notification regarding security vulnerabilities in File Transfer Protocol (FTP) servers running in anonymous mode.

According to the notification, “over 1 million FTP servers were configured to allow anonymous access, potentially exposing sensitive data stored on the servers. The anonymous extension of FTP allows a user to authenticate to the FTP server with a common username such as ‘anonymous’ or ‘ftp’ without submitting a password or by submitting a generic password or e-mail address.” The notification states that criminals are targeting FTP servers running in anonymous mode to obtain PHI in order to “intimidate, harass, and blackmail business owners.”

FTP servers are common in the medical community because they allow several researchers access to large amounts of medical data. Many of these servers are run in anonymous mode, which means that users can access the server without submitting a password or by using a generic password. Some FTP servers in anonymous mode are also configured to allow write access, so an attacker who connects to the server may both obtain PHI and launch a cyberattack from within the server itself.

The FBI recommends that “medical and dental healthcare entities request their respective IT services personnel to check networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored on the server.”
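The following script is an added example of the inventory check the FBI recommends; it is not part of the notification and not a tool the FBI distributes. It connects to each FTP server an IT team already knows about, tries the two generic usernames the notification names (`anonymous` and `ftp`) with an e-mail-style password, and reports which servers accept the login. It never lists, reads or writes files. Because the verifier has no network access, the script also includes a constructed stand-in FTP control channel (the `_ConstructedFTPHandler` class, which only knows `USER`, `PASS` and `QUIT`) so it can be exercised offline; the host names and ports in the usage note are assumptions.

```python
"""Report FTP servers that accept anonymous login (standard library only).

Added example for the FBI anonymous-FTP notification; it checks login only and
performs no file operations on the target.
"""
import ftplib
import socketserver
import threading

# The generic accounts the notification names; many anonymous servers accept an
# e-mail address as the "password".
ANONYMOUS_USERNAMES = ("anonymous", "ftp")
PROBE_PASSWORD = "probe@example.com"  # constructed value


def check_anonymous_ftp(host, port=21, timeout=5.0):
    """Try each generic username against host:port.

    Returns a dict with keys host, port, reachable, banner, anonymous_login,
    username. A 5xx reply to USER or PASS counts as "refused"; a connection
    failure or timeout leaves reachable=False.
    """
    result = {"host": host, "port": port, "reachable": False, "banner": "",
              "anonymous_login": False, "username": None}
    for user in ANONYMOUS_USERNAMES:
        ftp = ftplib.FTP(timeout=timeout)
        try:
            banner = ftp.connect(host, port)      # returns the 220 welcome line
            result["reachable"] = True
            result["banner"] = banner.strip()
            ftp.login(user, PROBE_PASSWORD)       # raises error_perm on a 5xx reply
            result["anonymous_login"] = True
            result["username"] = user
            return result
        except ftplib.error_perm:
            continue                              # this account refused; try the other
        except (OSError, ftplib.Error):
            return result                         # unreachable or protocol error
        finally:
            ftp.close()
    return result


def find_anonymous_ftp(targets, timeout=5.0):
    """Run the check over (host, port) pairs and return only the servers that
    accepted an anonymous login."""
    return [r for r in (check_anonymous_ftp(h, p, timeout) for h, p in targets)
            if r["anonymous_login"]]


class _ConstructedFTPHandler(socketserver.StreamRequestHandler):
    """Constructed stand-in for an FTP control channel, for offline testing only.
    It answers USER with 331 and PASS with 230 or 530 depending on the server's
    allow_anonymous flag; it is not a real FTP implementation."""

    def reply(self, text):
        self.wfile.write(text.encode() + b"\r\n")

    def handle(self):
        self.reply("220 constructed test FTP server")
        while True:
            line = self.rfile.readline()
            if not line:                          # client closed the connection
                return
            cmd = line.decode(errors="replace").strip().split(" ", 1)[0].upper()
            if cmd == "USER":
                self.reply("331 Please specify the password.")
            elif cmd == "PASS":
                self.reply("230 Login successful." if self.server.allow_anonymous
                           else "530 Login incorrect.")
            elif cmd == "QUIT":
                self.reply("221 Goodbye.")
                return
            else:
                self.reply("502 Command not implemented.")


def start_constructed_server(allow_anonymous):
    """Start the constructed server on an ephemeral localhost port.
    Returns (server, port); call server.shutdown() when done."""
    srv = socketserver.TCPServer(("127.0.0.1", 0), _ConstructedFTPHandler)
    srv.allow_anonymous = allow_anonymous
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


if __name__ == "__main__":
    # Demonstrate against one open and one closed constructed server.
    open_srv, open_port = start_constructed_server(allow_anonymous=True)
    closed_srv, closed_port = start_constructed_server(allow_anonymous=False)
    targets = [("127.0.0.1", open_port), ("127.0.0.1", closed_port)]
    for finding in find_anonymous_ftp(targets):
        print("anonymous login accepted:", finding)
    open_srv.shutdown()
    closed_srv.shutdown()
```

Against a real inventory, IT staff would call `find_anonymous_ftp([("ftp.example.internal", 21)])` with their own host list (the name here is an assumption) and treat every returned entry as a server that needs its anonymous access removed or its PHI/PII moved elsewhere, per the notification. Write access is deliberately not probed, since confirming it would mean creating a file or directory on the server.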