Does your healthcare practice use FTP servers that operate in “anonymous” mode as a part of your IT systems? Then you are in danger!
In March, the FBI published a Private Industry Notification to warn healthcare practices like yours that these types of servers are vulnerable to cybercriminals. Given that the anonymous mode is a default server setting that allows for easier access and authentication, it presents a serious risk to businesses that store sensitive data, such as protected health information (PHI).
Hackers who find businesses with FTP servers in anonymous mode will then intimidate, harass or blackmail healthcare practitioners, or sell the stolen information to other cybercriminals. Furthermore, once they have access to the server, hackers will also place malicious software and incriminating data on it in order to execute ransomware and other cybercrime schemes.
That’s why it’s so important for you to evaluate your servers and ensure none of them are running in anonymous mode. If your business requires servers to be configured as such, be sure that no sensitive data is stored on them.
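As a starting point for that evaluation, here is an added example (not part of the FBI notification or the original article) that audits a server's configuration file for anonymous access. It assumes the server software is vsftpd, where anonymous login is on unless `anonymous_enable=NO` is set; the sample configuration is constructed for illustration.

```python
# Added example: audit a vsftpd.conf for anonymous FTP exposure.
# Assumption: the server is vsftpd. DEFAULTS are vsftpd's built-in values.
DEFAULTS = {
    "anonymous_enable": "YES",
    "write_enable": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO",
}
ANON_WRITE_OPTS = ("anon_upload_enable", "anon_mkdir_write_enable",
                   "anon_other_write_enable")

def parse_conf(text):
    """Return effective settings: defaults overridden by option=value lines."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return a list of findings; an empty list means anonymous mode is off."""
    s = parse_conf(text)
    on = lambda k: s.get(k, "NO").upper() in ("YES", "TRUE", "1")
    if not on("anonymous_enable"):
        return []
    findings = ["anonymous login enabled (explicitly or by default)"]
    # Anonymous writes need write_enable plus one of the anon_* write options.
    if on("write_enable"):
        findings += [f"anonymous users can write: {o}=YES"
                     for o in ANON_WRITE_OPTS if on(o)]
    if "anon_root" in s:
        findings.append(f"check anon_root={s['anon_root']} for sensitive data")
    else:
        findings.append("anon_root unset: anonymous area is the ftp user's home")
    return findings

# Constructed sample: no anonymous_enable line, so the default (YES) applies.
SAMPLE = """# constructed sample config
listen=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

An empty result means anonymous login is disabled; any finding that mentions writes or `anon_root` points at a directory to review for PHI.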
As a member of the healthcare industry, you need to go above and beyond in your cybersecurity efforts in order to make sure that hackers can’t breach your systems. Just last week, a majority of England’s NHS was taken offline by a large-scale ransomware attack.
Don’t think your practice’s small size will keep you safe either: data from IBM indicates that small and mid-sized businesses are hit by 62 percent of all cyberattacks, which cost an average of $690,000 for small businesses and over $1 million for middle market organizations in damage control and repairs.