OKLAHOMA CITY, Okla. – The CEO of an Edmond-based cybersecurity company has been arrested for allegedly carrying out a cyberattack on SSM St. Anthony Hospital last summer. The suspect, identified as Jeffrey Bowie, allegedly installed malware software on a hospital computer, triggering concerns about patient data security.
According to investigators, the incident occurred on August 6, 2024, when Bowie entered St. Anthony Hospital and attempted to access multiple offices. Security camera footage reportedly captured him wandering around the facility and eventually accessing two computers, one of which was for employee use only.
Related Article: Maryland Pharmacist Accused of Decade-Long Cyber-Voyeurism Campaign at UMMC
Authorities claim that within a span of 10 minutes, Bowie installed malware capable of taking screenshots every 20 minutes and sending them to an external IP address, reports KOCO. When approached by a hospital employee, Bowie allegedly claimed he had a family member in surgery and needed to use the computer.
Hospital Conducts Forensic Review, Finds Malware
A forensic review conducted by the hospital revealed evidence of the malware. However, SSM St. Anthony Hospital has confirmed that no patient data was accessed during the breach.
Bowie is the CEO of a cybersecurity company that specializes in acting like hackers to identify potential security vulnerabilities. While this practice is legitimate within the industry, authorities allege in this instance he crossed the line by installing harmful malicious software.
An arrest warrant for Bowie was issued, and Oklahoma City police arrested him on April 14. He is now facing two counts of violating the Oklahoma Computer Crimes Act.
SSM Health released the following statement regarding the incident, reports News9:
Related Article: Why You Should be Using Red Teams to Enhance Hospital Security
“On August 6, 2024, an unauthorized individual was identified accessing a hospital computer in an alleged attempt to install malware. The protection of data and the integrity of our systems are top priorities. Due to precautions in place, the issue was addressed immediately, and no patient information was accessed. We worked closely with law enforcement during the investigation.”
