The CEO of an Oklahoma cybersecurity company is accused of installing malware on employee computers an Oklahoma City hospital last year.
Jeffrey Bowie, listed on LinkedIn as the CEO of two-year-old security firm Veritaco, was arrested this month and charge with two counts of violating the state’s Computer Crimes Act after walking into St. Anthony Hospital in the state’s capital city August 6, 2024.
Bowie reportedly was seen by a hospital employee accessing a hospital computer and, when confronted, said a family member was having surgery at the hospital and that he needed to use the computer.
However, security cameras captured Bowie trying to access multiple offices in the 773-bed hospital and using two computers, including one that was designated to be used only by employees.
A forensic investigation later confirmed that malware had been installed on a computer and that the malware was designed to take screenshots every 20 seconds and send the images to an outside IP address. It took him about 10 minutes to install the malware, according to reports.
No Patient Info Accessed
In a statement to media outlets, SSM Health noted in the incident and said that “due to precautions in place, the issue was addressed immediately, and no patient information was accessed. We worked closely with law enforcement during the investigation.”
St. Anthony’s is part of SSM Health, a non-profit Catholic health system that includes St. Anthony’s and also has health care facilities in Illinois, Missouri, and Wisconsin, with a total of about 40,000 employees, including 15,000 on medical staffs.
The 127-year-old St. Anthony’s is a tertiary care facility that also includes outpatient facilities and clinics.
Veritaco Launched in 2023
According to Bowie’s LinkedIn profile, Veritaco was founded in August 2023. In addition, he also is listed as the CEO of 7Alkaloids LLC, which appears to a natural health supplements company that was launched in December 2024. The websites of both companies as of April 28 were unreachable.
There are several other cybersecurity jobs from the last 25 years listed on his LinkedIn resume, including with such companies as High Point Networks in North Dakota as a senior cybersecurity engineer, Lodestone in Oklahoma City as a security engineer, and Clevyr, an application development and custom software firm in Oklahoma City, where he was a software engineer.
‘A Stain’ on Cybersecurity Business
Oklahoma TV news station KOKO 5 contacted another former employer, Alias Cyber Security, in Yukon, Oklahoma, where Bowie worked for a little more than a year from 2020 to 2021. Alias CEO Donovan Farrow told the news station that he wasn’t surprised when he heard about Bowie’s arrest, having let him go due to ethics concerns.
“Some people just do things out of desperation just trying to grow themselves and stuff like that,” Farrow said. “I love the cybersecurity community. I want everyone to grow in that, but this is uncalled for, and it puts a bit of a stain on this type of business.”
Health Care a High-Value Cyber Target
Health care organizations rank high on the list of targets by cyberthreats, due in part to the large amount of personal and sensitive data they hold and the wide use of internet-connected devices. In addition, the personal health and personally identifiable information they collect are highly valuable to bad actors, according to the American Hospital Association (AHA).
“In fact, stolen health records may sell up to 10 times or more than stolen credit card numbers on the dark web,” the AHA wrote in a report. “Unfortunately, the bad news does not stop there for health care organizations — the cost to remediate a breach in health care is almost three times that of other industries — averaging $408 per stolen health care record versus $148 per stolen non-health record.”
There were at least 386 reported cyberattacks on health care organizations last year, the organization wrote, outpacing the record set the year before.
