On August 6, 2024, a man walked into St. Anthony Hospital in Oklahoma City, told staff he was visiting a family member in surgery, and started trying door handles. Within minutes he had found two computers, one reserved for employees only, and installed malware built to silently screenshot the screen every 20 minutes and ship the images to an external server. He wasn’t a foreign ransomware operator. He was the CEO of a cybersecurity company.
Key Takeaways
- August 6, 2024: Veritaco CEO Jeffrey Bowie installed surveillance malware on two computers at St. Anthony Hospital in Oklahoma City.
- The malware captured a screenshot every 20 minutes and sent the images to an external server.
- No patient data was compromised: an employee confronted Bowie at a staff-only machine within minutes, SSM Health confirmed.
- Bowie was arrested April 14, 2025 and charged with two felony counts under the Oklahoma Computer Crimes Act.
- He had reportedly been fired before over ethics violations by a previous cybersecurity employer whose CEO said the arrest didn’t surprise him.
- Cybersecurity has no license to lose: no registry, blacklist, or licensing body stops a fired professional from starting a new security firm.
Who Is Jeffrey Bowie?
Jeffrey Bowie is the CEO of Veritaco, a small Oklahoma City-area firm marketing cybersecurity, digital forensics, and private intelligence, and the man accused of installing spyware inside St. Anthony Hospital. Veritaco is exactly the kind of company hospitals hire to stop this kind of attack. His LinkedIn told the story of a roughly 25-year career bouncing through security jobs at multiple firms before founding Veritaco in August 2023.
There was a crack in that resume. Bowie had previously worked at Alias, an Oklahoma cybersecurity firm, and after his arrest, Alias CEO Donovan Farrow told local reporters he wasn’t surprised: he had fired Bowie over ethics violations. In an industry that runs entirely on trust, that’s about as loud as a warning gets. Nothing stopped Bowie from launching his own security company anyway, because nothing in the industry exists to stop him: there is no license to lose, no blacklist, no central registry of security professionals who’ve crossed the line. Private certifications can be revoked, but no law requires one to print “cybersecurity expert” on a business card.
Ten Minutes and One Vigilant Employee
Security cameras captured Bowie wandering the corridors of the 700-plus-bed hospital, run by SSM Health, testing doors and slipping into offices. Walking in the front door with a cover story is social engineering at its oldest, the same human exploit that let the MGM casino hackers cripple a casino empire with a single help desk phone call, at a reported cost of roughly $100 million. The malware he installed wasn’t ransomware. It didn’t lock anything or demand payment. It watched. Hospital workstations cycle through patient records, medical histories, prescriptions, insurance details, Social Security numbers, and diagnostic results all day long. A silent screenshot every 20 minutes, running for weeks, is a data breach in slow motion.
It ran for almost no time at all. An employee noticed a stranger at a staff-only machine and confronted him; Bowie repeated the line about a relative in surgery. The hospital escalated, the IT team ran a forensic review, and there it was: freshly installed surveillance malware, configured and active. SSM Health later confirmed no patient data was compromised, a sentence that exists only because one person asked a question.
| Date | Event |
|---|---|
| August 6, 2024 | Bowie enters St. Anthony Hospital and installs malware on two computers |
| Minutes later | An employee confronts him at a staff-only machine |
| Following days | Forensic review confirms active surveillance malware |
| April 14, 2025 | Bowie arrested after months of digital forensics |
| 2025 | Charged with two counts under the Oklahoma Computer Crimes Act |
The arrest took over eight months, a normal lag for cybercrime cases, where investigators must reconstruct exactly what a program did and tie it to a person. Bowie faces two felony counts under the Oklahoma Computer Crimes Act, each carrying the prospect of years in prison and six-figure fines. Veritaco’s website went dark. Bowie made no public statement.
There is a legal version of what Bowie did, and its existence makes his choice more damning, not less. Physical penetration testers break into buildings for a living, with a signed authorization letter from the client in their pocket. Even that can go sideways: in 2019, two testers from security firm Coalfire were arrested mid-job inside an Iowa courthouse they had been hired to test, and spent time in jail before the charges were eventually dropped. Bowie had no letter, no contract, and no client. Just malware and a story about a relative in surgery.
Why Would a Cybersecurity CEO Hack a Hospital?
Nobody but Bowie knows the motive, but the three leading theories are desperation for clients, the resale value of medical data, and simple arrogance. All three say something damning about the industry. The first is desperation: Veritaco was a small, young firm in a crowded market, and staging a breach is one grim way to demonstrate a hospital’s vulnerabilities, a sales pitch with a felony attached. The second is money: complete medical records fetch far more on dark web markets than stolen credit cards, because you can’t cancel a medical history. The third is arrogance: the belief that a career professional could outplay a hospital IT department.
Whatever drove him, the target was no accident. Healthcare is the single most attacked industry in America, with hundreds of reported incidents in 2024 alone, most involving ransomware. The Change Healthcare breach that February compromised the records of more than 190 million people, cost well over $2 billion to clean up, and included a $22 million ransom payment. A ransomware attack on the Ascension hospital chain in May 2024 forced ambulance diversions and weeks of paper-chart medicine, later revealed to have exposed data on about 5.6 million patients. By one industry tally, more than 275 million US patient records were exposed in 2024 alone.
Hospitals are the softest target in the economy, for structural reasons:
- Downtime can kill, so hospitals face more pressure than almost any victim to pay quickly, and researchers have linked cyberattacks on hospitals to slower care and worse patient outcomes.
- Legacy everything: clinical machines routinely run old software that can’t be patched without recertification.
- The data never expires: a stolen diagnosis or SSN stays valuable for a lifetime.
- Openness is the job: visitors, vendors, and contractors walk the corridors all day, which is exactly what Bowie exploited.
And researchers consistently find that the majority of stolen healthcare records leak through third parties: vendors, software suppliers, business associates. Companies, in other words, like Veritaco. It’s the same lesson as the Coinbase breach, where the threat came from inside the trust perimeter: the people with access are the attack surface.
The Critical Choice
The decision that made this story inevitable was Bowie’s own: a cybersecurity CEO deciding that the fastest route to whatever he wanted (clients, data, or vindication) was to physically walk into a hospital and become the threat he sold protection against. Every safeguard the industry pretends exists had already failed upstream: an ethics firing that followed him nowhere, no licensing body, no registry, no barrier between a tainted record and a business card that says “trust me with your infrastructure.” But those were conditions, not causes. The cause was one man choosing to install spyware on a machine that displays patient records, and betting no one would look up.
Where Things Stand Now
As of mid-2026, Bowie’s case is working through Oklahoma’s courts on the two computer crimes counts, and he has stayed silent publicly. Veritaco has effectively ceased to exist. Hospitals, meanwhile, remain the favorite target of ransomware gangs that now openly recruit insiders, and the industry still has no mechanism to stop the next fired-for-ethics professional from printing new business cards. The only thing that stopped this one was an employee who noticed. That is the entire margin of safety, and it’s the uncomfortable truth running through every story in our hacks archive.