FBI Warns Healthcare Industry about Vulnerability of FTP Servers

Robinson+Cole Data Privacy + Security Insider

The FBI issued a Private Industry Alert on March 22, 2017, to health and dental providers entitled “Cyber Criminals Targeting FTP Servers to Compromise Protected Health Information” specifically warning health and dental providers about the security of FTP (file-transfer-protocol) servers.

According to the Alert, “[T]he FBI is aware of criminal actors who are actively targeting FTP servers operating in ‘anonymous’ mode and associated with medical and dental facilities to access protected health information and personally identifiable information in order to intimidate, harass and blackmail business owners.”

The Alert cites a University of Michigan research paper that concludes that there are 13.8 million FTP servers attached to the Internet, and 1.1 million of them are anonymous, which means that no password is needed to access them. Accordingly, hackers are targeting these servers to gain access to health information and sell it or use it for ransom.

Whenever the FBI issues a Private Industry Alert, it is worth paying attention. In this case, the FBI recommends that health care and dental providers assess whether FTP servers are used, and check the security of the servers. Other security experts recommend disabling the use of FTP servers altogether. At any rate, health care and dental providers may wish to make the assessment of their use and security of FTP sites a high priority.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.