The CEO of an Edmond, OK-based cybersecurity firm has been accused of intentionally installing malware at an Oklahoma City hospital. On August 6, 2024, a member of staff at SSM Health’s St. Anthony Hospital observed a man using a hospital computer that had been designated for employee use only. The man was apprehended by staff and questioned, and explained that a family member was undergoing surgery at the hospital and he needed to use the computer, according to KOKO News 5.
The hospital launched an investigation to identify the nature of the unauthorized activity and reviewed security camera footage. The man was observed attempting to access multiple offices in the hospital and using two hospital computers, one of which was for employee use only. The forensic investigation confirmed that malware had been installed on the computer. The malware was programmed to take screenshots every 20 seconds and transmit the images to an external IP address.
The installation of malware could potentially have resulted in unauthorized access to patient data; however, the unauthorized access was identified in real-time by staff at the hospital, and immediate action was taken to prevent a data breach. SSM Health issued a statement confirming there was no unauthorized access to patient data, and SSM Health has worked closely with law enforcement during the investigation.
Law enforcement was notified about the unauthorized computer access and malware infection. The identity of the man was established and determined to be Jeffrey Bowie, the CEO of a cybersecurity firm that offers cybersecurity services such as digital forensics and incident response. An arrest warrant was issued, and Bowie was arrested by Oklahoma City police. He has since been charged with two counts of violating the Oklahoma Computer Crimes Act.
The penalties for Oklahoma Computer Crimes Act violations can include a fine, jail term, or both. A misdemeanor conviction, which can include unauthorized access to a protected computer without causing significant harm, can result in a fine of up to $5,000 and a maximum of 30 days’ imprisonment. Felony convictions see the penalties increased to a fine of up to $100,000 and/or a jail term between 1 and 10 years.