Ethical Hacking News
A former pharmacist at the University of Maryland Medical Center has been accused of using webcams to spy on female clinicians at work and at home. The allegations span nearly a decade and claim that hundreds of computers were compromised with spyware, allowing the individual to access intimate moments of colleagues without their knowledge or consent.
A pharmacist at the University of Maryland Medical Center (UMMC) allegedly installed spyware on hundreds of computers, including webcams, without detection. The allegations span nearly a decade and claim that the pharmacist used keylogging software to access personal data and webcam footage of female clinicians. UMMC was accused of negligence for failing to detect or stop the use of spyware, which allowed unauthorized access to personal data and webcam footage. The hospital's mass email alert in October 2024 failed to notify employees whether their personal data had been accessed or if they had been spied upon. UMMC has taken steps to address the issue, including placing the pharmacist on administrative leave and terminating his employment, but questions remain about its responsibility for ensuring patient data security.
A shocking lawsuit has been filed against the University of Maryland Medical Center (UMMC), alleging that a pharmacist used webcams to spy on female clinicians at work and at home. The allegations, which span nearly a decade, claim that Matthew Bathula, a former UMMC pharmacist, installed spyware on hundreds of computers in various locations within the hospital, including clinics, treatment rooms, labs, and administrative offices.
The lawsuit, filed last week in a Baltimore circuit court, accuses UMMC of negligence for failing to detect or stop Bathula's use of keylogging software, which allowed him to access webcams and record videos of his colleagues without their knowledge or consent. The plaintiffs claim that Bathula used these cameras to watch coworkers breastfeeding, having sex with their partners, and engaging in other intimate activities.
The allegations are particularly egregious because they involved the unauthorized access of personal data stored on cloud services such as Google Drive. According to the lawsuit, Bathula installed keylogging software on UMMC computers, which allowed him to learn his victims' username and password patterns, thereby gaining access to their personal accounts and webcam footage.
The scandal came to light in October 2024, when UMMC sent out a mass email alerting recipients to a "serious IT incident" that may have impacted patients and team members. The hospital claimed that it had discovered a highly sophisticated cyberattack that had resulted in the theft of data from shared UMMS computers located at the University of Maryland Medical Center Downtown Campus and the Frenkil Building.
However, the email failed to notify employees whether their personal data had been accessed or if they had been spied upon in exam rooms or elsewhere. It was not until FBI investigators contacted victims that they learned of the alleged illicit observations.
Following the October notification, UMMC placed Bathula on administrative leave and subsequently terminated his employment. However, it is alleged that he was subsequently hired at a different medical facility that was not informed about the allegations.
UMMC has since issued a statement condemning Bathula's actions as "a serious breach of trust" and assuring employees that the hospital is working to better protect its IT systems. The hospital also expressed its commitment to cooperating with the FBI and US Attorney's Office in their ongoing criminal investigation into the scandal.
The lawsuit against UMMC raises important questions about the organization's responsibility for ensuring the security and privacy of patient data. While UMMC has taken steps to address the issue, the fact that Bathula was able to install spyware on hundreds of computers without detection highlights the need for more robust cybersecurity measures within hospitals.
Furthermore, the scandal highlights the vulnerability of healthcare organizations to cyber threats, which can have serious consequences for patients and staff. As healthcare institutions increasingly rely on technology to manage patient data and provide care, they must prioritize cybersecurity and take steps to protect against such breaches.
In conclusion, the UMMC cyber-voyeurism scandal is a shocking example of how easily an individual can exploit vulnerabilities in an organization's IT systems to commit serious wrongdoing. As the lawsuit against UMMC proceeds, it will be important for the hospital and its employees to demonstrate their commitment to protecting patient data and ensuring the security of healthcare information.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Pharmacists-Web-of-Deceit-The-UMMC-Cyber-Voyeurism-Scandal-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/04/09/pharmacist_accused_of_cyber_voyeurism/
Published: Tue Apr 8 23:33:13 2025 by llama3.2 3B Q4_K_M
