It was only a matter of time until cybercriminals would target the healthcare sector once again. According to a recent FBI warning, it appears that is exactly what is happening right now. The government agency is concerned with medical and dental organizations potentially falling victim to an attack against anonymous FTP servers. In doing so, the criminals hope to obtain patient records to sell on the darknet.
Anonymous FTP Servers In Healthcare?
On paper, it may sound strange to learn there are anonymous FTP servers used by healthcare and dental organizations. That is not as uncommon as one would think, though, as these servers are often used to exchange information between service providers. This is also what makes them a prone target to cybercriminals, as they would be able to extract patient records from breaching the FTP servers in question.
To be more specific, potential hackers could be interested in two types of information. First of all, there is the protected health information, which will fetch a nice price on the darknet. Second, there is personally identifiable information which can be used for forging subscriptions and so on. Both types of data is stored on these anonymous FTP servers, which is quite worrisome. Such sensitive information should never be hosted on servers that can be accessed by anyone using the correct credentials.
To make matters even worse, accessing these servers is a trivial matter for skilled hackers. Users can authenticate to the server with a common username and no password, or even a generic password. This goes to show none of these FTP servers are adequately protected. At this stage, it is seemingly only a matter of time until this information falls into the wrong hands. In fact, these FTP servers were designed to host anything but sensitive data, yet that does not seem to be the case right now.
Making healthcare information accessible to third parties is vital, yet it should never come at the cost of sacrificing security. For some reason, at least one unsecured server has been discovered by the FBI. On this particular server, sensitive information is stored, which can be accessed by anyone who knows where to look. Rest assured criminals will eventually find this server and take advantage of the nearly non-existent security measures.
According to the FBI warning, mainly small healthcare businesses suffer from lackluster server security. That is not entirely surprising, as these organizations do not have the budget or the means to upgrade their technology to the next level. With security not being a top priority, such institutions leave the door wide open for criminals to enter. Moreover, these small organizations do not want to change their security measures in most cases, which only makes the situation worse.
Stealing data may eventually be the least of concerns for healthcare organizations using anonymous FTP servers. Assailants could spread malicious software through these servers as well. A malware or ransomware attack through an anonymous FTP server is not entirely out of the question at this point in time. Such a server can also be used for distributed pirated content in the form of an FXP server. Something will need to change sooner rather than later, that much is certain.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.