FBI Warns of Cyber Attacks on Patient Health Data

The Federal Bureau of Investigation’s (FBI) Cyber Division has issued an alert to health care professionals warning of cyber attacks targeting file transfer protocol (FTP) servers to access protected health data and personally identifiable information. Such data, the FBI cautions, has been used for criminal purposes, including blackmail, identify theft and financial fraud. The alert notes that more than 1 million FTP servers are configured to allow anonymous access, potentially exposing sensitive records.

According to the FBI, the anonymous FTP extension allows users to authenticate to the server with a common username, such as “anonymous,” and without submitting a password. Hackers can also gain access by using a generic password or e-mail address. “Cyber criminals could use an FTP server in anonymous mode and configured to allow ‘write’ access to store malicious tools or launch targeted cyber attacks,” the alert states.

Dental and medical professionals are encouraged to check their networks for FTP servers running in anonymous mode. In addition, practices operating an FTP server in anonymous mode should ensure that protected health information and personally identifiable information is not stored on the server. The FBI asks health care providers to report suspicious or criminal activity to their local FBI field office or the bureau’s 24/7 Cyber Watch line (855-292-3937).

From Decisions in Dentistry. May 2017;3(5):9.