25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Cybersecurity Firm CEO Charged with Installing Malware on a Hospital Computer

Posted By on Apr 18, 2025

The CEO of an Edmond, OK-based cybersecurity firm has been accused of intentionally installing malware at an Oklahoma City hospital. On August 6, 2024, a member of staff at SSM Health’s St. Anthony Hospital observed a man using a hospital computer that had been designated for employee use only. The man was apprehended by staff and questioned, and explained that a family member was undergoing surgery at the hospital and he needed to use the computer, according to KOKO News 5.

The hospital launched an investigation to identify the nature of the unauthorized activity and reviewed security camera footage. The man was observed attempting to access multiple offices in the hospital and using two hospital computers, one of which was for employee use only. The forensic investigation confirmed that malware had been installed on the computer. The malware was programmed to take screenshots every 20 seconds and transmit the images to an external IP address.

The installation of malware could potentially have resulted in unauthorized access to patient data; however, the unauthorized access was identified in real-time by staff at the hospital, and immediate action was taken to prevent a data breach. SSM Health issued a statement confirming there was no unauthorized access to patient data, and SSM Health has worked closely with law enforcement during the investigation.

Law enforcement was notified about the unauthorized computer access and malware infection. The identity of the man was established and determined to be Jeffrey Bowie, the CEO of a cybersecurity firm that offers cybersecurity services such as digital forensics and incident response. An arrest warrant was issued, and Bowie was arrested by Oklahoma City police. He has since been charged with two counts of violating the Oklahoma Computer Crimes Act.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The penalties for Oklahoma Computer Crimes Act violations can include a fine, jail term, or both. A misdemeanor conviction, which can include unauthorized access to a protected computer without causing significant harm, can result in a fine of up to $5,000 and a maximum of 30 days’ imprisonment. Felony convictions see the penalties increased to a fine of up to $100,000 and/or a jail term between 1 and 10 years.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist