Oklahoma Cybersecurity CEO Arrested for Hacking Hospital with Malware

The CEO of an Oklahoma-based cybersecurity firm has been arrested after allegedly installing malware on computers at SSM Health’s St. Anthony Hospital, raising concerns about insider threats in the cybersecurity industry and hospital data security.

Jeffrey Bowie, CEO of Edmond-based Veritaco, was taken into custody by Oklahoma City police on April 14 following an investigation into suspicious activity at the hospital.

The incident, which occurred on August 6, 2024, was first detected when a hospital employee noticed Bowie using a computer designated for staff only.

When confronted, Bowie claimed he needed to use the computer because a family member was undergoing surgery.

A subsequent forensic review conducted by St. Anthony Hospital’s IT team revealed that malware had been installed on the device.

According to the Oklahoma City Police Department, the malicious software was designed to take screenshots every 20 minutes and transmit them to an external IP address, potentially compromising sensitive information.

Security footage later showed Bowie attempting to access multiple offices and computers within the hospital before installing the malware.

Despite the breach, SSM Health officials emphasized that no patient data was accessed or exfiltrated.

“On August 6, 2024, an unauthorized individual was identified accessing a hospital computer in an alleged attempt to install malware.

The protection of data and the integrity of our systems are top priorities.

Due to precautions in place, the issue was addressed immediately, and no patient information was accessed.

We worked closely with law enforcement during the investigation,” the hospital said in a statement.

Bowie now faces two counts of violating the Oklahoma Computer Crimes Act.

If convicted, he could face significant fines and jail time, with penalties ranging from up to $5,000 and 30 days in jail for a misdemeanor, to $100,000 in fines and up to ten years in prison if prosecuted as a felony.

Bowie’s company, Veritaco, specializes in identifying security vulnerabilities by simulating hacker tactics practice known as penetration testing.

However, authorities allege that Bowie crossed the line from ethical hacking into criminal activity by installing harmful malware without authorization.

The hospital’s swift response and detection of the unauthorized access prevented any data breach, highlighting the importance of vigilant staff and robust cybersecurity protocols in healthcare settings.

As of this report, Veritaco’s website remains offline, and Bowie has not made any public statements regarding the charges.

The case underscores the growing risks posed by insider threats and the need for constant vigilance, even from those entrusted to protect critical systems.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates