FBI warned that Protected health information (PHI) & Personally identifiable information (PII) are being accessed by criminals through insecure File transfer protocol (FTP) servers in order to intimidate, harass and blackmail business owners. “Research conducted by the University of Michigan in 2015 titled, ‘FTP: The Forgotten Cloud,’ specified over 1 million FTP servers were configured to allow anonymous access, potentially exposing sensitive data stored on the servers,” the FBI said in its alert. “The anonymous extension of FTP allows a user to authenticate to the FTP server with a common username such as ‘anonymous’ or ‘ftp’ without submitting a password or by submitting a generic password or email address.” Any mis-configured or unsecured server operating on business network on which sensitive data is stored exposes to data theft.
The FBI recommends medical and dental healthcare entities request their respective IT services personnel to check networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored on the server.
Telegenisys has never trusted any single line of security. We layer multiple levels of security and audit usage of each. Know more