A civil lawsuit alleges that a former pharmacist at the University of Maryland Medical Center in Baltimore accessed the private emails, texts, and photo libraries of at least 80 coworkers after stealing their passwords from hospital computers.
Reported by the Baltimore Banner, the pharmacist, who worked at the facility for nearly a decade, is accused of hacking into hundreds of computers to secretly watch colleagues undressing or breastfeeding. The complaint claims he installed spyware on around 400 devices located in treatment rooms, labs, clinics, and other hospital areas.
The lawsuit also accuses the hospital of failing to uphold proper cybersecurity measures, allowing the pharmacist to abuse his access. He allegedly activated webcams in treatment areas to secretly observe and record coworkers and, using stolen credentials, even accessed one colleague’s home security system to watch her during intimate moments.
Attorney Steve Kelly, representing the victims, called the extent of the breach “unprecedented and shocking.”
Though named in the lawsuit, the pharmacist has not been charged with a crime as of now, and WTOP has chosen not to release his identity.
In response, University of Maryland Medical System spokesperson Michael Schwartzberg condemned the alleged actions, stating they conflict with the organization’s core values. He affirmed that the hospital system is fully cooperating with the FBI and U.S. Attorney’s Office in an ongoing criminal investigation.
The lawsuit also mentions that the hospital should have noticed suspicious behavior, such as the pharmacist repeatedly using his ID badge to access restricted rooms.
Schwartzberg added that the institution is reinforcing its cybersecurity defenses, noting that healthcare organizations have increasingly become targets of cyber threats.
