UPDATE MAY 6, 2025
The cybersecurity professional accused of installing spyware on SSM St. Anthony Hospital last summer confirmed on LinkedIn key details of the drama.
Jeffrey Bowie took the unusual step of addressing the accusations publicly in a LinkedIn post, reports the Register. While contesting some aspects of the allegations, he admitted to writing and executing software on the hospital’s computers. This software reportedly captured a screenshot every 20 minutes and sent it to a remote host.
According to Bowie, the code was developed “on the fly” using PowerShell on a guest computer in a waiting area, not on a staff machine. He further claimed that while wiggling the mouse on a hospital staff PC, he discovered the workstation was logged in with access to sensitive patient medical records. He stated that he refrained from accessing this system further, though he acknowledged deploying surveillance code on the guest computer.
Bowie’s LinkedIn posts also included his explanations for the incident. He attributed his actions to being “in and out of psychosis” at the time. He claimed that paranoia stemming from an IT security breach at a hospital within the SSM Health network, combined with his mental health struggles and mishandled treatment, led to his fear that personal and sensitive information was unsafe.
While Bowie acknowledged his mental health issues contributed to the situation, he also admitted, “This doesn’t excuse what happened,” but asserted that it was important to “add context to the matter.”
The public revelations on LinkedIn have only added to the intrigue surrounding the case. Bowie has claimed that media coverage of the incident has defamed him, leading to reputational damage and business losses exceeding $12,000. He maintains that his actions were not malicious but driven by anxiety and perceived threats to data security.
Nonetheless, Bowie now faces serious legal consequences.
ORIGINAL APRIL 22, 2025 ARTICLE:
OKLAHOMA CITY, Okla. – The CEO of an Edmond-based cybersecurity company has been arrested for allegedly carrying out a cyberattack on SSM St. Anthony Hospital last summer. The suspect, identified as Jeffrey Bowie, allegedly installed malware software on a hospital computer, triggering concerns about patient data security.
According to investigators, the incident occurred on August 6, 2024, when Bowie entered St. Anthony Hospital and attempted to access multiple offices. Security camera footage reportedly captured him wandering around the facility and eventually accessing two computers, one of which was for employee use only.
Related Article: Maryland Pharmacist Accused of Decade-Long Cyber-Voyeurism Campaign at UMMC
Authorities claim that within a span of 10 minutes, Bowie installed malware capable of taking screenshots every 20 minutes and sending them to an external IP address, reports KOCO. When approached by a hospital employee, Bowie allegedly claimed he had a family member in surgery and needed to use the computer.
Hospital Conducts Forensic Review, Finds Malware
A forensic review conducted by the hospital revealed evidence of the malware. However, SSM St. Anthony Hospital has confirmed that no patient data was accessed during the breach.
Bowie is the CEO of a cybersecurity company that specializes in acting like hackers to identify potential security vulnerabilities. While this practice is legitimate within the industry, authorities allege in this instance he crossed the line by installing harmful malicious software.
An arrest warrant for Bowie was issued, and Oklahoma City police arrested him on April 14. He is now facing two counts of violating the Oklahoma Computer Crimes Act.
SSM Health released the following statement regarding the incident, reports News9:
Related Article: Why You Should be Using Red Teams to Enhance Hospital Security
“On August 6, 2024, an unauthorized individual was identified accessing a hospital computer in an alleged attempt to install malware. The protection of data and the integrity of our systems are top priorities. Due to precautions in place, the issue was addressed immediately, and no patient information was accessed. We worked closely with law enforcement during the investigation.”
