FBI Warns Doctors, Dentists Their FTP Servers Are Targets

Health care organizations that use anonymous file transfer protocol servers need to be on guard, according to a recent FBI cyber bulletin.

Attackers are trying to access files on anonymous FTP servers to find sensitive information—personal or health oriented—to “intimidate, harass and blackmail business owners,” the bulletin said. Not only could attackers mine the servers for data, they could plant malware for future schemes.

Anonymous FTP servers allow people access to files without authentication or by using generic user names and passwords. Generally, sensitive data shouldn’t be stored in them anyway, but security isn’t always a business’ primary concern. Smaller medical and dental companies often run older, and potentially poorly secured, technology, Dark Reading reported.

The bureau recommends organizations’ IT staffs identify any anonymous FTP servers on their networks and determine whether they should still be used. If so, the staffs should make sure no sensitive information is housed within them.