The Federal Bureau of Investigation has issued a warning to healthcare organizations using File Transfer Protocol ( FTP ) servers . Medical and dental organizations have been advised to ensure FTP servers are configured to require users to be properly authenticated before access to stored data can be gained . Many FTP servers are configured to allow anonymous access using a common username such as ‘ FTP ’ or ‘ anonymous ’ . In some cases , a generic password is required , although security researchers have discovered Vulnerability-related.DiscoverVulnerability that in many cases , FTP servers can be accessed without a password . The FBI warning Vulnerability-related.DiscoverVulnerability cites research conducted by the University of Michigan in 2015 that revealed Vulnerability-related.DiscoverVulnerability more than 1 million FTP servers allowed anonymous access to stored data The FBI warns that hackers are targeting these anonymous FTP servers to gain access Attack.Databreach to the protected health information of patients . PHI carries a high value on the black market as it can be used for identity theft and fraud . Healthcare organizations could also be blackmailed Attack.Ransom if PHI is stolen Attack.Databreach . Last year , the hacker operating under the name TheDarkOverlord conducted a number of attacks Attack.Databreach on healthcare organizations . The protected health information of patients was stolen Attack.Databreach and organizations were threatened with the publication of data if a sizable ransom payment Attack.Ransom was not made . In some cases , patient data were published online when payment was not received Attack.Ransom . There are reasons why IT departments require FTP servers to accept anonymous requests ; however , if that is the case , those servers should not be used to store any protected health information of patients . If PHI must be stored on the servers , they can not be configured to run in anonymous mode . The FBI suggests all healthcare organizations should instruct their IT departments to check the configuration of their FTP servers to ensure they are not running in anonymous mode and to take immediate action to secure those servers and reduce risk if they are .