FBI Issues Dental Patient Data Security Alert

March 31, 2017
Joe Hannan

The FBI says that hackers are attacking unsecure file transfer protocol systems in dental practices. Many of these servers, the FBI says, also contain sensitive patient information. The hackers are then using this information to blackmail dental practice owners, authorities say, noting that this type of breach can also lead to malware and viral cyberattacks.

The FBI estimates that more than 1 million FTP servers are unsecure, exposing dentists to potential cyberattacks.

The FBI has issued a cyber security alert that hackers are specifically attacking dental and medical facilities.

The alert indicates that File Transfer Protocol (FTP) servers are the hackers’ target of choice, and that they are attempting to obtain patient data for the purposes of intimidating, harassing or blackmailing practice owners.

RELATED: More Cyber Security News

· Patient Data Breaches Reach Record High, Report Says

· Under Attack: Dentistry Faces Growing Cybersecurity Threat

· 5 Ways to Stop Cyber Crime in its Tracks

Highlighting a 2015 University of Michigan study, the FBI says that more than 1 million FTP servers currently allow anonymous access, potentially exposing protected patient data stored on servers. The FBI explains that anonymous FTP extensions allow anyone access with common usernames, such as “anonymous” or “ftp” without using a password.

Authorities also caution that hackers may attempt to use anonymous access to your FTP server to store malware, viruses, or to mount larger cyberattacks.

“In general, any misconfigured or unsecured server operating on a business network on which sensitive data is stored or processed exposes the business to data theft and compromise by cyber criminals,” the alert reads.

The FBI also issued suggestions on how dentists and other doctors can better protect themselves:

· Dentists should work with reputable IT companies.

· Dentists should have your contracted IT provider check to see if any FTP servers are operating in anonymous mode.

· If your dental practice has a legitimate need for your FTP to be operating in anonymous mode, then you should make sure no sensitive patient data is stored on the server.

Discover more Dentist’s Money Digest news here.