Blog
- Home
- Blog
05 April 2025
When the Gatekeeper Becomes the Threat: CEO of Cybersecurity Firm Arrested for Planting Malware in Hospital Systems
“The biggest threat to your company’s data security isn’t always an external hacker — it could be the very people hired to protect it.”
In a plot twist that reads like a scene from Mr. Robot, the CEO of a cybersecurity firm — yes, the CEO — was arrested for allegedly installing malware on hospital computers.
Jeffrey Bowie, head of Veritaco, is now facing criminal charges under Oklahoma’s Computer Crimes Act. His alleged crime? Installing malware on systems at St. Anthony Hospital that silently took screenshots every 20 minutes and transmitted them to an external IP address.
Let that sink in: a trusted cybersecurity executive, exploiting his own position to plant surveillance tools in a healthcare facility.
Why This Should Set Off Alarm Bells in Every Boardroom
The default assumption in most companies is: “We trust our tech team.”
But what happens when privileged access falls into the wrong hands?
At Raven, we’ve always warned clients:
Cyber risk isn’t just about outsiders brute-forcing your firewall.
It’s about insiders — the developers, admins, and vendors — who already have the keys to the kingdom.
The Rise of Insider Threats: Why Companies Need a Hard Rethink
This incident is not isolated. Insider threats are rising globally, and they’re often the most damaging. Why?
-
They bypass perimeter defenses (because they’re already inside)
-
They understand your systems, your blind spots, your processes
-
They know how to hide their tracks until it’s too late
In this case, malware was only discovered after multiple offices were scanned. Imagine if this had been a financial institution, telco, or government agency.
What Can Your Business Do Right Now?
-
Zero Trust Isn’t Just Buzz — It’s Survival
Trust no one by default, not even internal staff. Implement least privilege access and micro-segmentation. -
Audit and Monitor Admin Accounts
Always monitor high-privilege accounts. Use behavioral analytics to flag abnormal activities like unauthorized installs, strange login times, or data exfiltration. -
Run Digital Fire Drills
Simulate breach scenarios regularly. At Raven, we conduct insider threat simulations as part of our “Digital Fire Drill” exercises. -
Appoint a Watchdog (That’s Not in the Same Pack)
Consider external Data Protection Officers (DPOs) or third-party cyber auditors who don’t have a vested interest in internal politics or cover-ups.
TL;DR: The Enemy Within Is Real
If the cybersecurity CEO can turn rogue, so can anyone with access. Don’t build your security model around blind trust. Build it around accountability, visibility, and resilience.
Want an independent scan of your internal risk exposures?
👉 Raven offers confidential assessments, breach response drills, and DPO-as-a-Service to help you prepare before the breach hits.
Because in cybersecurity, it’s not the hacker you don’t know that breaks you —
it’s the trusted one you thought you did.
