The CEO of a small cybersecurity firm, Jeffrey Bowie, is currently facing two counts of violating Oklahoma’s Computer Crimes Act. The case against him alleges that he entered an Oklahoma City hospital and installed malware on employee computers in August 2024.
Bowie, who is identified as the CEO of Veritaco, a cybersecurity and private intelligence firm based in Oklahoma City, was arrested on April 14 in connection with the incident. According to reports from local news outlets such as KOKO News 5 and News 9, Bowie was seen accessing an employee’s computer and installing malware designed to capture screenshots every 20 minutes and send them to an external IP address.
The Oklahoma City police department has referred the case to the FBI for further investigation. St. Anthony Hospital, where the incident took place, is a 773-bed tertiary care hospital that is part of the SSM Health system. SSM Health has confirmed that no patient information was compromised during the incident.
Bowie’s LinkedIn profile describes Veritaco as a firm specializing in cybersecurity, digital forensics, and private intelligence, with a small team of employees. As of now, Veritaco’s website is offline, and Bowie has not responded to requests for comment on the case.
The case involving Bowie is just one of several recent incidents of malicious insider activity in healthcare facilities. Other cases include a physical therapist accessing sensitive medical records and clinical photos of plastic surgery patients, as well as a hospital pharmacist spying on colleagues using spyware installed on their computers.
Regulatory attorney Rachel Rose commented on the motivations behind such behavior, stating that individuals involved in these activities are driven by greed, fear, sex, or mental conditions like narcissism. She emphasized the importance of organizations having adequate technical safeguards in place to detect and prevent malware deployment from both internal and external threats.
It is crucial for organizations to conduct annual risk analyses, ensure proper storage and review of security footage, and implement thorough cybersecurity measures to protect sensitive data from malicious actors. The case against Bowie serves as a reminder of the ongoing threat posed by insider breaches and the importance of robust cybersecurity practices in healthcare institutions.