A pharmacist at the University of Maryland Medical Center (UMMC) has been accused of a years-long cyber-voyeurism scheme, The Boston Banner reports. The class-action suit, which was brought by six women, claims that the defendant secretly accessed hundreds of hospital computers to activate their webcams and spy on young, female doctors and medical residents. His alleged actions included watching the women undress, breastfeed, and engage in private activities such as intimate acts with their husbands.
The lawsuit also accuses the defendant of installing spyware on hospital computers to steal personal passwords and take control of the women’s home networks. The women claim that they only became aware of the surveillance in recent months, after the FBI showed them photos and videos taken by the defendant. The FBI is reportedly investigating the matter, but the man has not been charged with any crimes at this point.
Despite not being criminally charged yet, the defendant has been placed on administrative leave and later fired from his position at the hospital. The UMMC has been cooperating with the FBI in the ongoing investigation, but the lawsuit contends that hospital officials failed to warn the defendant’s new employer about the allegations and did not adequately address the security risks at the hospital.
The plaintiffs argue that the hospital’s security team should have recognized that the defendant was using his access to hospital spaces and systems to tamper with computers and install keystroke loggers, which can capture sensitive data, including passwords.
The lawsuit alleges that he had installed spyware on at least 400 computers across various hospital locations over nearly a decade. These included computers in clinics, treatment rooms, and labs. According to the plaintiffs, the defendant’s actions involved real-time surveillance of several women. Additionally, the lawsuit claims he disabled the camera light in another woman’s home to secretly record videos of her and her children, and accessed the cloud storage of yet another woman to view her personal documents, photos, and sensitive financial information.
In October 2024, UMMC had informed employees of a “serious IT incident,” describing it as a complex and hard-to-detect cyberattack that had led to the theft of data from shared hospital computers. While UMMC took action to address the breach by removing the compromised computers and installing new security measures, the women argue that the hospital did not do enough to fully mitigate the risk or inform all those affected.
The lawsuit seeks damages from UMMC for negligence, accusing the hospital of failing to protect its employees from the defendant’s cyberattacks. The women claim that the hospital system could have and should have done more to prevent this massive invasion of privacy, especially given the defendant's access to critical areas of the hospital through his badge. They also suggest that there could be many more victims who have not yet come forward, estimating that up to 80 individuals may have been affected by the perpetrator’s actions.
