Matthew Bathula, University of Maryland hospital pharmacist, indicted in voyeurism case

A federal grand jury has indicted former University of Maryland hospital pharmacist Matthew Bathula on charges of felony computer crimes, alleging that he hacked computers in the Baltimore hospital as part of a scheme to steal hundreds of intimate photos of female doctors, nurses and pharmacists who worked with him.

Bathula, 41, of Clarksville, is also accused of installing spyware on the computers to conduct video surveillance of people inside the hospital and record videos of them.

In the indictment unsealed Friday, prosecutors charged him with unauthorized access of a company’s protected computers and identity theft. He faces a maximum penalty of 17 years in federal prison. On Friday, he pleaded not guilty and requested a jury trial.

Criminal charges in the case were long awaited by the women he allegedly spied on. Six lead plaintiffs accused him of a yearslong cybervoyeurism scheme with a class-action lawsuit filed last year against the hospital.

The indictment Friday also brought the revelation that prosecutors put the number of his victims at 195 people, including former and current hospital employees along with their friends, family members and coworkers.

“Each of the 195 ‘Jane Does’ is a person whose sense of privacy was completely destroyed,” said Steven J. Kelly, one of the women’s attorneys in the lawsuit. “Bathula targeted his friends, co-workers and other women engaged in critical life-saving work at a world-class medical institution.”

Bathula worked as a clinical pharmacist from 2011 to 2024 at the University of Maryland Medical Center in downtown Baltimore. He was fired in October 2024 after the hospital’s technology staff detected his alleged crimes.

During his initial appearance in federal court Friday, Bathula did not address the allegations. His attorney, Paulette Pagán, declined to comment.

He was released on conditions that he avoid computers and make no contact with victims and witnesses in the case. His trial has not yet been scheduled.

“Bathula’s alleged actions are a reprehensible invasion of privacy. He betrayed the trust of his employer and co-workers, as he gained access into the private worlds of nearly 200 victims without their knowledge or consent,” Kelly O. Hayes, U.S. Attorney for Maryland, said in a news release.

Jimmy Paul, the special agent in charge of Baltimore’s FBI field office, said in a news release that agents notified each victim across the country. At the teaching hospital, Bathula went on rounds with pharmacy residents in training.

Bathula is accused of installing keystroke loggers on computers throughout the hospital to steal usernames and passwords from the women he worked with. He allegedly used their credentials to log in and comb through the women’s accounts for intimate materials such as nude photos, diary entries and breastfeeding pictures.

Investigators found Bathula with a USB drive that contained 247 sexually explicit photos and 27 sexually explicit videos, as well as other compromising photos and videos and photos of coworkers’ passports and driver’s licenses, according to the indictment.

He also stole their browser cookies allowing him to continually access their accounts without their knowledge on his own devices such as a cellphone, laptop and tablet, prosecutors allege in the indictment. Federal authorities seized 48 electronic devices from him, including external hard drives, thumb drives, digital cameras, laptops and tablets.

Prosecutors allege that he conducted the video surveillance of people at the hospital 21 times between February 2023 and July 2024, according to the indictment.

The plaintiffs in the civil lawsuit accuse Bathula’s former employers, the University of Maryland Medical System and its flagship University of Maryland Medical Center, of negligence, saying officials failed to detect and stop Bathula’s alleged decade-long campaign of cyber voyeurism. The women also say the hospital failed to sufficiently notify staff and patients after uncovering the security breach.

The women’s lawsuit, filed April 3, 2025, in Baltimore Circuit Court, brought the allegations against Bathula to light.

Two months later, state regulators suspended his pharmacy license.

In the lawsuit, several women also alleged that Bathula secretly activated their home security cameras. He is accused of disabling the camera light inside one woman’s home to watch videos of her with her children.

The women said they only discovered that they had been spied upon after FBI agents showed them some of Bathula’s photos and videos, according to the lawsuit. The women also say the hospital failed to sufficiently notify staff and patients after uncovering the security breach.

Attorneys for the University of Maryland Medical System put the hospital system’s potential civil liability at more than $9.5 million.

“We remain deeply disappointed and angered by the actions of Matthew Bathula and we are appreciative that this individual — who violated not only the trust of his colleagues but many of the values and policies of our organization — is being held accountable,“ University of Maryland Medical System spokesman Michael Schwartzberg wrote in an email.