FBI Warns of Cyber Threat in Healthcare Sector

Patterson Belknap Webb & Tyler LLP
Contact

The FBI is warning the healthcare sector of a new cyber threat. In a Notification issued last week, the FBI said that it is “aware of criminal actors who are actively targeting” protected healthcare information (“PHI”) and other personally identifiable information (“PII”) from medical facilities “to intimidate, harass, and blackmail business owners.”

The warning targets File Transfer Protocol (“FTP”) servers operating in “anonymous” mode. FTPs are routinely used to transfer information between hosts. But when an FTP server is configured to allow anonymous access – “potentially exposing sensitive data stored on servers” – a user is often able to authenticate to the FTP server by using a common username like “anonymous.” A University of Michigan study found that more than 1 million FTP servers are configured to allow anonymous access.

According to the FBI Notification, hackers can use an FTP server in anonymous mode to steal information or to launch a targeted cyber-attack. The FBI recommends that healthcare facilities consult with their IT personnel to “check networks for FTP servers running in anonymous mode [and] [i]f businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored on the server.”

 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Patterson Belknap Webb & Tyler LLP | Attorney Advertising

Written by:

Patterson Belknap Webb & Tyler LLP
Contact
more
less

Patterson Belknap Webb & Tyler LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.