A federal grand jury has indicted Matthew Bathula, a former pharmacist at the University of Maryland Medical Center, accusing him of a years-long campaign of cyber voyeurism that targeted colleagues both at work and inside their homes. The indictment, unsealed Friday, alleges he hacked hospital computers, installed keystroke-logging software and used stolen credentials to get into private photo accounts and home surveillance feeds. Prosecutors say roughly 195 people were affected.
In the newly unsealed indictment, federal prosecutors charged Bathula with unauthorized access of protected computers and identity theft, and put the victim count at about 195, according to The Baltimore Banner. Bathula worked as a clinical pharmacist at the University of Maryland Medical Center from 2011 until he was fired in October 2024. His attorney, Paulette Pagán, declined to comment, the outlet reports.
How investigators say he did it
Plaintiffs in a class-action complaint say Bathula installed keylogging software on hundreds of hospital computers to capture usernames and passwords, then used those credentials to log into victims’ cloud accounts and home surveillance systems to view and download intimate photos and recordings, including breastfeeding and private family moments. The complaint also alleges he disabled a camera light inside one woman’s house to secretly record videos, and that many victims only learned they had been targeted after FBI agents showed them samples of the material, according to Grant & Eisenhofer P.A..
State licensing action
The Maryland State Board of Pharmacy moved in June 2025 to summarily suspend Bathula’s pharmacist license after a show-cause hearing and preliminary findings that connected suspicious email rules and USB activity to hospital systems; the board’s interim order notes forensic work by CrowdStrike that traced confirmed threat activity back to April 1, 2021. The order says the suspension remains in place pending resolution of criminal proceedings and any further board hearings. See the board’s interim order for details: Maryland State Board of Pharmacy.
Hospital response and FBI probe
The University of Maryland Medical System has said it has been working with the FBI and the U.S. Attorney’s Office and described the alleged conduct as “contrary to every value of our organization,” according to earlier reporting. Attorneys for plaintiffs say the hospital first alerted staff to a “serious IT incident” in October 2024 but did not initially disclose the full scope of what was taken or who was targeted, and many employees only learned they were victims when contacted by FBI investigators. For background reporting on the lawsuits and initial disclosures, see CBS Baltimore.
What the charges mean
Charges described as unauthorized access of protected computers and identity theft are federal offenses that can be prosecuted under statutes such as the Computer Fraud and Abuse Act and federal identity-theft laws, and penalties vary with the nature and scale of the intrusion. The Congressional Research Service’s primer lays out how CFAA counts and related statutes are used in computer-intrusion cases and the possible sentencing ranges for serious intrusions. See analysis at Congress.gov for legal context.
The unsealed indictment begins a federal criminal process but does not itself set a trial date; prosecutors must file the indictment in court and a judge will set arraignment and pretrial dates. Bathula’s attorney again declined to comment and prosecutors have not yet released further case documents, according to The Baltimore Banner. The case remains under active investigation…