Malware on a Hospital Computer Installed by a Cybersecurity Firm CEO

The CEO of a cybersecurity company based in Edmond, OK was charged with deliberately installing malware at a hospital in Oklahoma City. On August 6, 2024, an employee of SSM Health’s St. Anthony Hospital noticed a man using a hospital computer that only employees are authorized to use. Employees confronted and questioned the man. He explained that a loved one was having an operation at the hospital and he had to use the PC.

The hospital started investigating the incident to determine the nature of the breach and checked security camera videos. The man was seen trying to access several offices in the hospital and using two hospital PCs, one of which was for staff use only. The forensic investigation found that malware had been installed on the PC. The malware was designed to capture screenshots every 20 seconds and send the files to an outside IP address.

The malware installation could have led to unauthorized patient data access and a potential problem involving HIPAA IT compliance, but hospital employees discovered the unauthorized access in real time and took quick action to stop a data breach. SSM Health released a statement verifying that patient data was not accessed. SSM Health and law enforcement worked together to investigate the incident.

The hospital notified law enforcement of the unauthorized computer access and the malware infection. The man, Jeffrey Bowie, is identified as the CEO of a cybersecurity company that provides cybersecurity services like incident response and digital forensics. An arrest warrant was issued for Bowie, and the Oklahoma City police arrested him. Bowie was charged with two counts of violating the Oklahoma Computer Crimes Act.

Penalties for violating the Oklahoma Computer Crimes Act may include a fine, imprisonment, or both. A misdemeanor conviction, which may include unauthorized computer access that does not result in considerable harm, carries a fine of up to $5,000 and up to 30 days in jail. A felony conviction carries a fine of up to $100,000 and/or a 1 to 10-year jail term.


Daniel Lopez


Daniel Lopez stands out as an exceptional HIPAA trainer, dedicated to elevating standards in healthcare data protection and privacy. Daniel, recognized as a leading authority on HIPAA compliance, serves as the HIPAA specialist for Healthcare IT Journal. He consistently offers insightful and in-depth perspectives on a wide range of HIPAA-related topics, addressing both typical and complex compliance issues. With his extensive experience, Daniel has made significant contributions to multiple publications such as hipaacoach.com, ComplianceJunction, and The HIPAA Guide, enriching the field with his deep knowledge and practical advice in HIPAA regulations. Daniel offers a comprehensive training program that covers all facets of HIPAA compliance, including privacy, security, and breach notification rules. Daniel's educational background includes a degree in Health Information Management and certifications in data privacy and security. You can contact Daniel via HIPAAcoach.com.
