Wednesday, March 29, 2017

FBI cautions healthcare agencies to check File Transfer Protocol servers

Hackers are targeting File Transfer Protocol (FTP) servers running in "anonymous" mode at medical and dental agencies, the FBI warns healthcare industry stakeholders.

Criminal actors, according to the bureau, are accessing personal health information (PHI) and personally identifiable information (PII) to intimidate, harass and blackmail business owners. The hackers can also configure FTP servers to give themselves “write” access to store malicious tools or launch cyber attacks.

The FBI notice references research from the University of Michigan that found more than one million FTP servers were configured to allow anonymous access, which could expose information to hackers. “The anonymous extension of FTP permits a consumer to authenticate to the FTP server with a usual username like ‘anonymous’ or ‘ftp’ without submitting a password or by submitting a generic password or email address,” according to the bureau.

Any misconfigured or unprotected server on a network could expose a business to blackmail, identity theft or fraud.

“The FBI suggests medical and dental healthcare organizations request their respective Information Technology (IT) services personnel to monitor networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating an FTP server in anonymous mode, administrators should make certain that sensitive PHI or PII isn’t stored on the server.” The complete FBI warning is available here.
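
One way to run the recommended check against a server's configuration, as an added example that is not part of the original post or the FBI notice: it assumes the FTP daemon is vsftpd and uses that daemon's directive names and built-in defaults, and the sample configurations are constructed.

```python
# Added example: audit vsftpd.conf text for anonymous-mode exposure.
# Built-in vsftpd defaults (vsftpd.conf(5)); a directive absent from the file
# takes these values, so anonymous login is ON unless explicitly disabled.
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO",
            "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
            "anon_other_write_enable": "NO"}
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable",
              "anon_other_write_enable")


def is_on(value):
    """vsftpd treats YES, TRUE and 1 (any case) as true."""
    return value.strip().upper() in ("YES", "TRUE", "1")


def audit(conf_text):
    """Return findings for one config; an empty list means no anonymous access."""
    explicit = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            explicit[key] = value  # last occurrence wins in this parser
    effective = {**DEFAULTS, **explicit}
    if not is_on(effective["anonymous_enable"]):
        return []
    source = "set in file" if "anonymous_enable" in explicit else "inherited default"
    findings = [f"anonymous login enabled ({source})"]
    # Anonymous write options only take effect when write_enable is also on.
    if is_on(effective["write_enable"]):
        findings += [f"anonymous write access via {key}"
                     for key in ANON_WRITE if is_on(effective[key])]
    return findings


# Constructed sample configurations (not taken from any real server).
WEAK = "listen=YES\nanonymous_enable=YES\nwrite_enable=YES\nanon_upload_enable=YES\n"
IMPLICIT = "listen=YES\nlocal_enable=YES\n"  # anonymous_enable missing entirely
HARDENED = "listen=YES\nanonymous_enable=NO\nlocal_enable=YES\nwrite_enable=YES\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("implicit", IMPLICIT), ("hardened", HARDENED)):
        print(name, audit(conf) or "no anonymous access")
```

A clean result covers the configuration only; where anonymous mode is kept for a legitimate use, the stored files still have to be reviewed for PHI and PII.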
