Overview
- The federal indictment, unsealed Friday, charges Matthew Bathula, 41, with two counts of unauthorized access to a protected computer and one count of aggravated identity theft tied to about 195 victims, according to the U.S. Attorney’s Office.
- Prosecutors say he worked at the University of Maryland Medical Center from 2011 to 2024 and accessed workplace computers without permission between July 2016 and September 2024 before the hospital fired him in October 2024.
- The indictment details keylogging, cookie managers, file masquerading and an email rule that deleted messages labeled “Critical Security Alert,” which let him use stolen passwords to enter personal and work accounts.
- Investigators allege he ran spyware from February 2023 to July 2024 to record victims without consent, including people breast pumping, and some victims learned of the videos only when the FBI showed them recovered files.
- A class-action filed April 3, 2025, claims the hospital system failed to detect or properly notify staff about the breach, and state regulators later suspended Bathula’s pharmacy license as the criminal case moves forward and he remains presumed innocent.