NRI PULSE STAFF REPORT
Baltimore, MD, April 15, 2025: A former pharmacist at the University of Maryland Medical Center (UMMC) is at the center of a disturbing class-action lawsuit alleging a decade-long scheme of cyber-voyeurism, stalking, and privacy violations targeting fellow medical professionals—most of them young women.
Filed on behalf of six Jane Doe plaintiffs, the lawsuit accuses Matthew Bathula, a former Clinical Pharmacy Specialist at UMMC, of installing keylogging spyware on nearly 400 hospital devices to secretly harvest usernames and passwords. He allegedly used these stolen credentials to access victims’ personal accounts, including emails, financial apps, home surveillance cameras, and dating profiles.
According to the plaintiffs, Bathula used hacked webcams and Internet-enabled security cameras to spy on women in treatment rooms, including recording videos of doctors pumping breastmilk in private areas of the Frenkil Building. He’s also accused of accessing home cameras and filming women in intimate, family settings—breastfeeding, interacting with children, and with their partners.
Bathula had no official ties to the IT department and was unauthorized to install any software on hospital computers. Yet, the lawsuit alleges his actions went undetected for nearly ten years due to what it describes as “woefully inadequate” cybersecurity safeguards at UMMC. The only internal warning came in October 2024 via a general email referencing a “highly sophisticated and very difficult to detect cyberattack.”
While the hospital claims the matter was under investigation by cybersecurity experts, the plaintiffs say they only learned of the full extent of the intrusion from FBI notifications and interviews.
The suit also alleges that even after discovering Bathula’s misconduct, UMMC failed to notify a subsequent employer where he continues to work as a pharmacist, putting others at potential risk.
Filed by the law firm Grant & Eisenhofer, the lawsuit seeks a jury trial and demands compensatory, punitive, and exemplary damages. It also alleges negligence, negligent supervision, negligent security, and invasion of privacy.
“Our clients are highly skilled professional women who trusted their employer to protect their privacy,” said Cindy B. Morgan, one of the attorneys representing the plaintiffs. “By enabling a co-worker to so intrusively invade their few precious private moments… UMMC fundamentally violated that trust.”
UMMC has since replaced compromised computers and upgraded security protocols, but the legal and emotional fallout for those affected may only just be beginning.
Cover photo for representation only.
