FBI warns of cybercriminals targeting healthcare servers

An FBI notice says FTP servers used by healthcare organizations are vulnerable to cyberattacks.

The FBI has warned healthcare organizations of cybercriminals targeting unsecured servers to launch coordinated cyberattacks and use stolen patient information to blackmail providers.

Allowing anonymous access to File Transfer Protocol (FTP) servers commonly used to transfer data has left healthcare institutions vulnerable to criminals that access protected health information (PHI) and personally identifiable information (PII) “for the purposes of intimidating, harassing, and blackmailing business owners,” according to a private industry notification (PDF) issued by the FBI.

Earlier this month, the Institute for Clinical Infrastructure Technology urged the healthcare industry to invest in artificial intelligence to combat ransomware threats.

RELATED: FBI's James Comey—Cybersecurity too big to tackle alone

Although anonymous access to FTP servers is often used by researchers for legitimate purposes, cybercriminals can also access the server to “store malicious tools or launch targeted cyberattacks.” The FBI recommended healthcare organizations check their networks for FTP servers running on anonymous mode and remove any sensitive information on those servers.

FBI Director James Comey recently told a group of cybersecurity leaders that healthcare data is a high-value target for cybercriminals and pushed for a collaborative approach to cybersecurity. Last month a GAO report reiterated security concerns among federal agencies, including health insurance marketplaces.

Suggested Articles

A New Orleans-based genetic testing company will pay $42.6 million to resolve False Claims Act and kickback allegations.

Virtual primary care is a new way to deliver healthcare.

FierceHealthcare caught up with former ONC and Veterans Affairs' official Genevieve Morris for our latest Executive Spotlight.