FBI Cyber Bulletin: Cyber Criminals Targeting FTP Servers to Compromise Protected Health Information

Cyber Criminals Targeting FTP Servers to Compromise Protected Health Information

Page Count: 3 pages
Date: March 22, 2017
Restriction: TLP: GREEN
Originating Organization: Federal Bureau of Investigation, Cyber Division
File Type: pdf
File Size: 444,108 bytes
File Hash (SHA-256): 3FCB4C84DDFD29C1B1903FB60E12C87DA4A08106A4CCBCFE131A89DC18424193

Download File

The FBI is aware of criminal actors who are actively targeting File Transfer Protocol (FTP) servers operating in “anonymous” mode and associated with medical and dental facilities to access protected health information (PHI) and personally identifiable information (PII) in order to intimidate, harass, and blackmail business owners.


Research conducted by the University of Michigan in 2015 titled, “FTP: The Forgotten Cloud,” indicated over 1 million FTP servers were configured to allow anonymous access, potentially exposing sensitive data stored on the servers. The anonymous extension of FTP allows a user to authenticate to the FTP server with a common username such as “anonymous” or “ftp” without submitting a password or by submitting a generic password or e-mail address.

While computer security researchers are actively seeking FTP servers in anonymous mode to conduct legitimate research, other individuals are making connections to these servers to compromise PHI and PII for the purposes of intimidating, harassing, and blackmailing business owners. Cyber criminals could also use an FTP server in anonymous mode and configured to allow “write” access to store malicious tools or launch targeted cyber attacks. In general, any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cyber criminals who can use the data for criminal purposes such as blackmail, identity theft, or financial fraud.


The FBI recommends medical and dental healthcare entities request their respective IT services personnel to check networks for FTP servers running in anonymous mode. If businesses have a legitimate use for operating a FTP server in anonymous mode, administrators should ensure sensitive PHI or PII is not stored on the server.

Share this: