FBI issues a new cyber threat warning to healthcare sector


United States Federal Bureau of Investigation (FBI) has issued a warning to all companies operating in the healthcare sector to remain vigilant of a newly emerging cyber threat.

The law enforcement agency in its latest media briefing said that some criminal actors from abroad are trying to target protected healthcare information (PHI) and other personally identifiable info (PII) from medical facilities to intimidate, harass, and blackmail business owners.

For that reason, officials from FBI are alerting healthcare companies against the use of FTP servers operating in anonymous mode.

In general, File Transfer Protocol servers are used to transfer info between two or more hosts. But if the FTP server is tweaked to allow anonymous access (to allow users to use a common username like ‘Anonymous’ for authentication), it can expose sensitive info on servers to hackers and other cyber criminals having malicious intentions.

And according to a study made by researchers from the University of Michigan, more than 1 million FTP servers are configured to allow anonymous access in the whole of United States.

Hence, FBI has issued a notification that hackers can use the anonymous flaw in an FTP server to steal info or to launch a targeted cyber attack.

Therefore, all CIOs and CTOs of companies related to health care sector should start supervising their IT personal on this issue and see that their company’s FTP servers are not running in anonymous mode and should ensure that sensitive info related to PHI’s and PII’s is not stored on the server.

The law enforcement agency also warns the organizations that if the companies fail to pay heed to the newly issued warning then it will not only impact the sale and reputation of their respective brands but will also shatter the user’s trust in the organization on a complete note.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display