The FBI Cyber Division has issued a warning that criminal actors are actively targeting File Transfer Protocol (FTP) servers operating in “anonymous” mode and associated with medical and dental facilities to access protected health information (PHI) and personally identifiable information (PII) in order to intimidate, harass, and blackmail business owners.
Research conducted by the University of Michigan in 2015 indicated that more than 1 million FTP servers were configured to allow anonymous access, potentially exposing sensitive data stored on the servers.
According to the FBI, the anonymous extension of FTP allows a user to authenticate to the FTP server with a common username without submitting a password or by submitting a generic password or email address.
Other individuals are making connections to these servers to compromise PHI and PII in an effort to intimidate, harass, and/or blackmail business owners.
The FBI advises medical and dental healthcare entities to have their IT services staff check networks for FTP servers running in anonymous mode. If operating an FTP server in anonymous mode is necessary, sensitive PHI or PII should not be stored on the server.
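One way IT staff could carry out the check the FBI recommends against their own inventory is sketched below; this is an added example, not part of the FBI notification. The host names are constructed placeholders, and the `ftp_factory` parameter is an assumption added so the logic can be exercised without a live server.

```python
"""Audit an inventory of your own FTP hosts for anonymous mode (added example)."""
import ftplib

# Constructed inventory: replace with hosts your organisation operates.
INVENTORY = ["ftp1.clinic.example", "imaging.clinic.example"]


def check_anonymous(host, port=21, timeout=5.0, ftp_factory=ftplib.FTP):
    """Return (status, visible_entries) for one host.

    status is 'anonymous-allowed', 'login-required' or 'unreachable'.
    visible_entries counts top-level items an anonymous user can list;
    names and contents are never recorded.
    """
    ftp = ftp_factory()
    try:
        ftp.connect(host, port, timeout=timeout)
        try:
            # login() with no arguments sends USER anonymous plus a generic
            # password: the "common username" case described above.
            ftp.login()
        except ftplib.error_perm:
            return ("login-required", None)  # server refused anonymous login
        try:
            visible = len(ftp.nlst())
        except ftplib.error_perm:
            visible = 0  # some servers answer 550 for an empty directory
        return ("anonymous-allowed", visible)
    except ftplib.all_errors:
        return ("unreachable", None)  # connection or protocol failure
    finally:
        ftp.close()


def audit(hosts, **kwargs):
    """Return {host: (status, visible_entries)} for every inventory host."""
    return {host: check_anonymous(host, **kwargs) for host in hosts}


def findings(results):
    """Hosts with anonymous mode on, those exposing the most entries first."""
    exposed = [(h, n) for h, (s, n) in results.items() if s == "anonymous-allowed"]
    return sorted(exposed, key=lambda item: -item[1])


if __name__ == "__main__":
    for host, count in findings(audit(INVENTORY)):
        print(f"{host}: anonymous login accepted, {count} top-level entries visible")
```

Any host reported with a non-zero entry count should be reviewed for PHI or PII, per the FBI's guidance that such data not be stored on an anonymous-mode server.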