[BreachExchange] FBI warns medical and dental providers over anonymous hacks

Inga Goddijn inga at riskbasedsecurity.com
Wed Mar 29 19:07:47 EDT 2017


http://siliconangle.com/blog/2017/03/28/fbi-warns-medical-dental-providers-anonymous-ftp-hacks/

The Federal Bureau of Investigation has issued a warning to medical and
dental providers to be aware that “criminal actors” are actively targeting
File Transfer Protocol servers to gain access to private information they
can use to intimidate, harass and blackmail business owners.

According to the agency <https://publicintelligence.net/fbi-phi-ftp/>,
attackers are particularly targeting FTP servers operating in “anonymous”
mode, a mode that allows a user to authenticate to the FTP server with a
common username such as “anonymous” or “ftp” without submitting a password
or by submitting a generic password or e-mail address.

“The FBI recommends medical and dental healthcare entities request their
respective IT services personnel to check networks for FTP servers running
in anonymous mode. If businesses have a legitimate use for operating a FTP
server in anonymous mode, administrators should ensure sensitive [personal
data] is not stored on the server.”

The targeting of healthcare providers for personal information has become
epidemic, according to some
<http://www.pbs.org/newshour/updates/has-health-care-hacking-become-an-epidemic/>,
because unlike bank account details, data from the healthcare industry,
which includes both personal identities and medical histories, can’t be
changed. According to Brookings
<https://www.brookings.edu/wp-content/uploads/2016/07/Patient-Privacy504v3.pdf>,
since 2009 the medical information of more than 155 million Americans has
been exposed in more than 1,500 breaches.

How widespread these attacks are is not made clear. The FBI only cited
a University of Michigan study from 2015 titled, “FTP: The Forgotten
Cloud,” that claims that more than 1 million FTP servers online were
configured to allow anonymous access, potentially exposing sensitive data
stored on those servers.

With the anonymous access, hackers are able to store malicious tools or
launch cyber attacks to gain the personal data they are after. CloudPassage
Chief Technology Officer and co-founder Carson Sweet explained to Dark
Reading
<http://www.darkreading.com/attacks-breaches/fbi-attackers-targeting-anonymous-ftp-servers-in-healthcare/d/d-id/1328496>
 that cyber criminals can add data to a fraudster database or sell it on the
 dark web <https://en.wikipedia.org/wiki/Dark_web>. They can also
potentially use the data for blackmail, leveraging records with information
patients wouldn’t want made public.

“In general, any misconfigured or unsecured server operating on a business
network on which sensitive data is stored or processed exposes the business
to data theft and compromise by cyber criminals who can use the data for
criminal purposes such as blackmail, identity theft, or financial fraud,”
the FBI added.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170329/95ec9859/attachment.html>


More information about the BreachExchange mailing list