The FBI has issued a private industry warning that attackers are targeting anonymous file transfer protocol (FTP) servers in the healthcare industry. The attackers appear to be seeking protected health information (PHI) and personally identifiable information (PII). The FBI recommends that healthcare organizations check their networks for FTP servers running in anonymous mode, and if they have a reason for operating those servers, to ensure that they do not hold PHI or PII.
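The check the FBI recommends, finding which FTP servers on your own network still accept anonymous logins, can be scripted with nothing but the Python standard library. The script below is an added example written for this page; it is not code from the FBI notice or the Security Ledger report. It attempts the conventional anonymous login (user `anonymous`, e-mail-style password) against each host, records whether the server accepted it, refused it, or was unreachable, and lists what an anonymous user can see. The host names and the simulated servers it runs against when given no arguments are constructed for the demonstration.

```python
"""Audit hosts for FTP servers that accept anonymous logins.

Added example, not from the FBI notice or the Security Ledger report.
Standard library only; the host names and simulated servers are constructed.
"""
import ftplib
import sys
from dataclasses import dataclass, field
from typing import List

ANON_USER = "anonymous"
ANON_PASS = "anonymous@example.com"   # e-mail-style password by FTP convention


@dataclass
class Finding:
    host: str
    port: int
    status: str                 # "anonymous-allowed" | "login-refused" | "unreachable"
    entries: List[str] = field(default_factory=list)  # names visible to an anonymous user
    detail: str = ""            # server reply or error text, for the report


def real_connect(host: str, port: int, timeout: float) -> ftplib.FTP:
    """Open a control connection; raises OSError if the port is closed."""
    ftp = ftplib.FTP()
    ftp.connect(host, port, timeout=timeout)
    return ftp


def check_anonymous_ftp(host, port=21, timeout=5.0, connect=real_connect) -> Finding:
    """Classify one host by whether it accepts the anonymous login."""
    try:
        ftp = connect(host, port, timeout)
    except (OSError, EOFError, ftplib.Error) as exc:
        return Finding(host, port, "unreachable", detail=str(exc))
    try:
        banner = ftp.login(ANON_USER, ANON_PASS)      # server answers 230 on success
    except ftplib.error_perm as exc:                 # 530 or similar: anonymous refused
        ftp.close()
        return Finding(host, port, "login-refused", detail=str(exc))
    except (OSError, EOFError, ftplib.Error) as exc:
        ftp.close()
        return Finding(host, port, "unreachable", detail=str(exc))
    try:
        entries = ftp.nlst()                         # what an anonymous user can list
    except ftplib.Error:
        entries = []
    try:
        ftp.quit()
    except (OSError, EOFError, ftplib.Error):
        ftp.close()
    return Finding(host, port, "anonymous-allowed", entries, banner)


def audit(hosts, connect=real_connect) -> List[Finding]:
    """Check every host and put the anonymous-enabled servers first."""
    order = {"anonymous-allowed": 0, "login-refused": 1, "unreachable": 2}
    results = [check_anonymous_ftp(h, connect=connect) for h in hosts]
    return sorted(results, key=lambda f: order[f.status])


# --- constructed simulation so the example runs offline -----------------
class _FakeOpen:
    """Stands in for a server that accepts anonymous logins."""
    def login(self, user, passwd): return "230 Anonymous login ok."
    def nlst(self): return ["exports", "readme.txt"]
    def quit(self): return "221 Goodbye."
    def close(self): pass


class _FakeClosed:
    """Stands in for a server that requires real credentials."""
    def login(self, user, passwd): raise ftplib.error_perm("530 Anonymous access denied.")
    def close(self): pass


SIMULATED = {"ftp-open.example": _FakeOpen, "ftp-auth.example": _FakeClosed}


def simulated_connect(host, port, timeout):
    """Drop-in replacement for real_connect that never touches the network."""
    if host not in SIMULATED:
        raise OSError(f"connect to {host}:{port} refused")
    return SIMULATED[host]()


def main(argv):
    if len(argv) > 1:       # hosts given on the command line: audit them for real
        findings = audit(argv[1:])
    else:                   # no arguments: run against the constructed simulation
        findings = audit(["ftp-open.example", "ftp-auth.example", "ftp-down.example"],
                         simulated_connect)
    for f in findings:
        print(f"{f.host}:{f.port} {f.status} entries={len(f.entries)} {f.detail}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it with a list of your own FTP hosts as arguments (`python ftp_audit.py ftp1.internal ftp2.internal`); without arguments it exercises the simulated servers. Any host reported as `anonymous-allowed` is the case the FBI notice describes and should either be taken down or verified to hold no PHI or PII; the `entries` count gives a quick sense of how much is exposed.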
The FBI warning focuses on the data breach risks of having anonymous FTP services in use on your network. Equally important these days is the risk that anonymous FTP gives attackers a place to upload illegal or embarrassing content, after which they either involve your company in illegal activities or threaten to expose your hosting of the content unless extortion payments are made. Don't leave anonymous FTP servers active just because they are not hosting sensitive info.
Attacks against the healthcare industry have been on the rise for the past several years. The value of PHI to criminals, and additionally its value to nation-states that may use such very personal information to build "dossiers" on people they may later try to compromise, has made this data a more attractive target. Add to that the expanded "healthcare target space," in terms of more organizations pushing this data onto the network and more medical IoT devices collecting, storing and transmitting this sensitive information, and you've got a recipe for significant exploitation.
See full report at https://securityledger.com/2017/03/fbi-warns-medical-offices-exposed-ftp-servers-are-a-target/