Following an investigation by the Federal Bureau of Investigation (FBI), a pharmacist at the University of Maryland Medical Center, Dr. Matthew Bathula, is accused of carrying out a decade-long campaign of cyber-voyeurism.
According to the Baltimore Banner, a local newspaper, Bathula allegedly watched women colleagues in real time, including one while she was at home breastfeeding, undressing, and having sex with her husband. Six of the women are suing the hospital for negligence, having only discovered that they had been spied on after FBI agents recently showed them some of Bathula’s photos and videos.
“The scale of the privacy invasion giving rise to this action is as unprecedented as it is shocking,” Steve Kelly, their attorney, wrote in the Baltimore Circuit Court lawsuit. “For nearly a decade, a single pharmacist named Matthew Bathula installed spyware on at least 400 computers in clinics, treatment rooms, labs, and a variety of other locations at one of the nation’s premier teaching hospitals.”
The case highlights the growing security risk inherent in professional environments such as the healthcare sector, where medical professionals frequently adopt an ‘always-on’ digital lifestyle, leaving themselves open to bad actors stealthily spying on their personal and professional lives. Frequently unsecured devices such as imaging systems, patient equipment, and hospital OT systems, collectively known as the Internet of Medical Things (IoMT), have also proliferated in hospitals and medical centres, leaving a massive security gap across the healthcare sector as a whole.
At the end of March, Claroty, the cyber-physical systems (CPS) protection company, released new research on the riskiest exposures of connected medical devices, those most coveted by adversaries for exploitation. The “State of CPS Security: Healthcare Exposures 2025” report found that 89 percent of healthcare organizations, almost nine in ten, have the top one percent of riskiest IoMT devices on their networks. These devices contain known exploitable vulnerabilities (KEVs) linked to active ransomware campaigns and have an insecure connection to the internet.
Four in 10 organizations paid ransom of $1m – $5m
Eight percent of imaging systems (X-rays, CT scans, MRI, ultrasound, and more) have KEVs linked to ransomware and insecure internet connectivity, making this the riskiest medical device category and impacting 85 percent of healthcare organizations. Of those organizations taking part in the survey, 78 percent reported ransomware payments of $500,000 USD or more, and 39 percent met ransom demands of between $1 million and $5 million.
According to Ty Greenhalgh, Industry Principal for Healthcare at Claroty, “Cybercriminals, especially ransomware groups, exploit outdated technology and insecure connectivity to gain footholds in hospital networks. To counter these threats, healthcare security leaders must take an exposure-centric approach—prioritizing the most critical vulnerabilities and aligning remediation efforts with industry guidelines like the HHS’ HPH Cyber Performance Goals—to protect patient safety and ensure operational continuity.”
Claroty’s report is based on an analysis of over 2.25 million Internet of Medical Things (IoMT) and 647,000-plus operational technology (OT) devices across 351 healthcare organizations.