Health Care Group News: FBI Releases Warning on Cyber Criminals Targeting Sensitive Information Through File Transfer Protocol Servers

Murtha Cullina
Contact

Cyber criminals are constantly seeking new ways to gain access to personal and health information and, on March 22, 2017, the FBI issued a specific warning to health care providers regarding threats to File Transfer Protocol ("FTP") servers operating in anonymous mode.

FTP is a standard network protocol that is widely used to transfer data with a network host. Generally, users will access the FTP server with a user name and password. When an FTP server is operating in anonymous mode, however, anonymous users can gain access with a common user name that is not password protected or with a generic password or email address. This unsecured access may leave the FTP server vulnerable to attack by cyber criminals.

Cyber criminals who are able to access an FTP server that stores protected health information ("PHI") or personally identifiable information ("PII") may be able to compromise such information or may use such information for criminal purposes, such as blackmail, identity theft, or fraud. Health care providers may then be responsible for reporting a breach of PHI under the Health Information Portability and Accountability Act ("HIPAA") as well as under any applicable state laws. In addition, cyber criminals may use an FTP server in anonymous mode to store malicious tools or to launch a cyber attack.

In response to this threat, the FBI recommends that health care providers specifically request that their IT professionals check their networks for any FTP servers running in anonymous mode. If there is a legitimate business purpose for operating a FTP server in anonymous mode, health care providers should ensure they do not maintain PHI or PII on the server.

The FBI’s guidance may be read here: https://info.publicintelligence.net/FBI-PHI-FTP.pdf

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Murtha Cullina | Attorney Advertising

Written by:

Murtha Cullina
Contact
more
less

Murtha Cullina on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.