Cybersecurity CEO caught planting malware at Oklahoma hospital
Kirsten Peremore
April 28, 2025

KOCO reported on the arrest of a cybersecurity executive in connection with a data breach at an Oklahoma City hospital.
What happened
On August 6, 2024, Jeffrey Bowie, CEO of Edmond, Oklahoma–based cybersecurity firms Veritaco and 7 Alkaloids LLC, entered SSM Health’s St. Anthony Hospital in Oklahoma City claiming he had a family member in surgery. He then roamed through multiple offices until he reached two computers, one designated for staff only. Surveillance footage and court documents show he proceeded to install malware designed to take screenshots every 20 minutes and forward them to an external IP address.
Within ten minutes, hospital staff became suspicious, confronted Bowie, and alerted security, triggering a forensic review that confirmed the presence of the malicious software but found that no patient data had been accessed or exfiltrated. Authorities issued an arrest warrant on April 14, 2025, charging Bowie with two counts under the Oklahoma Computer Crimes Act, each carrying up to $100,000 in fines and ten years’ imprisonment, leading to his arrest by Oklahoma City Police later that week.
What was said
According to Donovan Farrow, CEO of Alias Cyber Security, “Some people just do things out of desperation just trying to grow themselves and stuff like that. I love the cybersecurity community. I want everyone to grow in that, but this is uncalled for, and it puts a bit of a stain on this type of business.”
Why it matters
St. Anthony Hospital’s malware incident illustrates how trusted insiders, or those posing as such, can exploit legitimate access to implant surveillance tools, turning routine network privileges into critical vulnerabilities within healthcare environments. Implanting software that captures and transmits screenshots every 20 minutes directly threatens patient confidentiality and violates HIPAA’s Privacy and Security Rules, exposing organizations to substantial fines and legal liability while eroding public trust.
Rapid detection averted data exfiltration in this case, yet it underscores the struggle of protecting legacy systems and endpoint devices, common in hospitals, from unauthorized internal activity when traditional defenses lack visibility into insider actions.
FAQs
What is malware?
Malware (malicious software) refers to any program or code designed to disrupt, damage, or gain unauthorized access to a system or network. Common types include viruses, ransomware, spyware, and trojans.
How does malware typically enter healthcare systems?
Malware often enters through phishing emails, compromised websites, infected USB drives, or, as seen in recent incidents, physical access to internal systems by unauthorized individuals.
What are the risks of malware in a hospital setting?
Malware can compromise electronic health records (EHRs), expose protected health information (PHI), disrupt patient care, lock down systems (ransomware),