Maryland pharmacist used keyloggers to spy on coworkers for a decade, victim alleges

A Maryland pharmacist installed spyware on hundreds of computers at a major teaching hospital and recorded videos over the course of a decade of staff pumping breastmilk and breastfeeding, a class-action lawsuit alleges. 

The suit, filed on March 27 and first reported by the Baltimore Banner, accuses pharmacist Matthew Bathula of implanting keyloggers — a type of software that records what someone types on a keyboard — on about 400 computers at the University of Maryland Medical Center (UMMC). 

The class-action was filed by an anonymous employee at the hospital against her employer, which the suit contends was negligent in allowing the security breaches to occur and in allegedly failing to notify victims. No criminal charges have been filed against Bathula, who according to the complaint and a statement from UMMC is being investigated by the FBI.

“It’s our most sincere hope and expectation that the person alleged to have violated the trust of his colleagues and of our organization will be held accountable to the fullest extent of the law, which is why we have worked collaboratively over the past several months with the FBI and US Attorney’s Office who are engaged in an active criminal investigation,” the medical center said in a statement posted to their website on Thursday. 

“Healthcare organizations and the people who work in them have unfortunately in recent times become the victims of cyberattacks from threat actors, and we continue to take aggressive steps to protect our IT systems in this challenging environment.”

Through the keyloggers, Bathula allegedly accessed coworkers’ passwords, including for bank accounts, home surveillance systems, emails, dating apps and other accounts. He downloaded private photographs, videos and personal information, the complaint claims, and even remotely activated webcams in exam rooms for telehealth sessions.  

The protections to stop someone from accessing devices and installing malware were inadequate, the plaintiff alleges. 

“UMMC is subject to numerous state and federal regulations that require it to implement measures to protect the sensitive information stored on its computer systems,” the complaint says. “Bathula could not have pulled off his decade-long cyber spying campaign unless UMMC’s data security measures were woefully inadequate.”

According to the suit, the hospital sent an email to employees in early October about “a serious IT incident” and a “highly sophisticated and very difficult to detect cyberattack that has resulted in the theft of data from shared UMMS computers.” The email acknowledged the use of keylogging software and said the facility has been investigating the attack and would communicate updates “in the coming days.” 

The victims say they only discovered their information was compromised — and in some cases that highly personal material was accessed — when they were contacted by the FBI. 

The hospital reportedly “put IT protections in place that were readily available prior to Bathula’s attacks and which are reasonable and standard in the industry,” according to the complaint, including disabling the use of thumb drives and implementing restrictions on downloads and uploads of applications. 

“These minimal protections were not in place during Bathula’s decade of criminal cyber activity,” they said. 

The pharmacist was terminated in October 2024 but, according to the suit, subsequently moved to another health system. Attempts to reach Bathula were unsuccessful. 

A UMMC spokesperson declined to comment on the specifics of the case but said “in response to this incident, we have increased surveillance across our network to better detect unauthorized access.”