FBI warns healthcare organizations about FTP threat

March 31, 2017
Medicare Web

Hackers are targeting poorly secured file transfer protocol (FTP) servers to access protected health information (PHI), store malicious tools, or launch cyberattacks, according to an alert released by the FBI on March 22. Hackers are exploiting FTP servers configured to allow anonymous mode. In anonymous mode, a user can access the FTP server and files stored on it using a common username such as “anonymous” or “ftp” without entering a password or by entering a generic password and email address.

Organizations should check their networks for FTP servers operating in anonymous mode. If an FTP server must operate in anonymous mode for legitimate reasons, it should not be used to store PHI or other sensitive information. Hackers may use access to any sensitive information to blackmail or harass organizations or to commit identity theft. Compromised information could be altered, encrypted, deleted, or sold.
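One way to run that check across an organization's own FTP inventory, as an added example that is not part of the FBI alert or the original article: the function names, the constructed password string, and the default port 21 are assumptions of this sketch.

```python
import ftplib
import sys

# Usernames the alert names as common for anonymous mode.
ANON_USERS = ("anonymous", "ftp")
# Constructed generic e-mail-style password; not a real address.
GENERIC_PASSWORD = "audit@example.invalid"


def check_anonymous_ftp(host, port=21, timeout=5.0):
    """Classify one FTP server you administer.

    Returns (status, detail); status is 'anonymous-allowed',
    'anonymous-denied' or 'unreachable'.
    """
    for user in ANON_USERS:
        ftp = ftplib.FTP()
        try:
            ftp.connect(host, port, timeout=timeout)  # reads the server banner
            ftp.login(user=user, passwd=GENERIC_PASSWORD)
            return ("anonymous-allowed", f"login accepted for user {user!r}")
        except ftplib.error_perm:
            continue  # 5xx reply: this username was refused, try the next
        except ftplib.all_errors as exc:
            return ("unreachable", f"{type(exc).__name__}: {exc}")
        finally:
            try:
                if ftp.sock is not None:  # only QUIT if a session was opened
                    ftp.quit()
            except ftplib.all_errors:
                pass
            ftp.close()
    return ("anonymous-denied", "no anonymous username was accepted")


def audit(targets):
    """targets: iterable of (host, port) pairs from your own inventory.
    Returns {(host, port): (status, detail)}."""
    return {(h, p): check_anonymous_ftp(h, p) for h, p in targets}


if __name__ == "__main__":
    # Usage: python check_anon_ftp.py host1 host2 ...
    results = audit((h, 21) for h in sys.argv[1:])
    for (host, port), (status, detail) in results.items():
        print(f"{host}:{port}\t{status}\t{detail}")
```

Any server reported as `anonymous-allowed` should then be reviewed for stored PHI or other sensitive files, as the alert advises.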

Suspicious or criminal activity can be reported to local FBI field offices or the FBI’s cybercrime division, Cyber Watch. Organizations can contact Cyber Watch at CyWatch@ic.fbi.gov or 855-292-3937. Victims of cybercrime can file reports with the Internet Crime Complaint Center.
