FBI Warns Medical Offices: Exposed FTP Servers are a Target

In-brief: The FBI is telling medical and dental offices to lock down anyFile Transfer Protocol (FTP) servers in their environments, warning that cyber criminals are searching for exposed FTP servers as a pathway to sensitive networks and protected health information (PHI). 

The U.S. Federal Bureau of Investigation (FBI) is telling medical and dental offices to lock down any File Transfer Protocol (FTP) servers in their environments, warning that cyber criminals are searching for exposed FTP servers as a pathway to sensitive networks and protected health information (PHI).


Get the New 2017 SANS Research Report on 'Threat Hunting' -- Written by experts from the SANS Institute, the survey reveals a number of interesting data points about the challenges and benefits of threat hunting.


The Bureau issued a Private Industry Notification (PNI) on March 22nd about the threat, saying that it is “aware of criminal actors who are actively targeting FTP servers operating in “anonymous” mode and associated with medical and dental facilities to access protected health information (PHI) and personally identifiable information (PII). The goal may be to “intimidate, harass, and blackmail business owners,” the FBI said.

FTP servers are often used to transfer sensitive documents and other files between offices, but are overlooked IT infrastructure that can be vulnerable to hacking. Medical devices and offices often contain built-in FTP capabilities that are used to transfer files to clinical staff or offices. Security researchers warn that thousands of such systems are exposed to the public Internet at any time and vulnerable to tampering. Research conducted in 2015, for example, used the Shodan search engine and other reconnaissance methods to identify thousands of sensitive systems that are exposed to the Internet and vulnerable to remote attack, including drug infusion systems, MRI imaging machines, anesthesia systems and more. Credentials for services like Telnet and FTP as well as root accounts and service logins were among the information uncovered in that canvas.

The FBI recommended medical and dental healthcare organizations to instruct their IT services staff to check networks for FTP servers running in anonymous mode and make sure any servers that must operate in anonymous mode do not contain PHI or PII.