The FBI warns that attackers are targeting vulnerable FTP servers used by small medical and dental offices as a way to obtain medical records and other sensitive personal information.
While the dangers of placing sensitive data on these servers is well known, smaller businesses may not have the expertise or motivation to upgrade.
The attackers can use the stolen data to harass, intimidate and blackmail these businesses, the FBI says, and may also include using the stolen information to commit fraud.
The attackers could also write to the servers in order to store malware and launch attacks, the FBI says.
The remedy is to remove any personally identifiable information or protected health information from these servers and replace FTP with something more secure.