BioterrorismAudits find “troubling” security flaws in CDC labs

Published 27 February 2013

Laboratories at the Centers for Disease Control Prevention (CDC) have been cited in  government audits for  failing to  secure  bioterror agents such as  anthrax and plague. The audits also found that  employees handling these agents have not been trained properly to do so.

Laboratories at the Centers for Disease Control Prevention (CDC) have been cited in  government audits for  failing to  secure  bioterror agents such as  anthrax and plague. The audits also found that  employees handling these agents have not been trained properly to do so.

USA Todayreports that according to the CDC, there was never a point at which employees or the general public were in danger because the labs have redundant layers of safety and security.

“We always take it seriously,” Joseph Henderson, director of the CDC’s Office of Safety, Security and Asset Management told USA Today. “We strive for perfection.”

The Department of Health and Human Services (HHS) investigated lab security after a scientist at an Army lab in Maryland was tied to the anthrax attacks in 2001. The inspector general (IG) also discussed the same problems in reports in and 2008 and 2009

According to a 2010 report by the Department of Health and Human Services “These weaknesses could have compromised [CDC’s] ability to safeguard select agents from accidental or intentional loss and to ensure the safety of individuals.”

The reports, documenting how  CDC has failed on numerous occasions properly to handle  the world’s most dangerous pathogens, has raised concerns among lawmakers. The CDC refuses to release copies of its lab inspection reports, but the IG’s office gave the reports to USA Today under the Freedom of Information Act.

Representative Fred Upton (R-Michigan), chairman of the House Committee on Energy and Commerce called the issues in the IG reports “troubling,” and his committee is now examining the federal regulation of bioterror labs as a result of several USA Today reports last year on cases of security doors being left unlocked and airflow system malfunctions.

Some of the issues that were cited in the audits include:

  • Failing to ensure the physical security of bioterror agents or restrict access to approved individuals. The 2009 report cites coding on electronic cards that allowed overly broad access to approved workers, allowing them wide access to all bioterror research areas, rather than just the specific areas or specimen freezers for their projects. Most of the details in the 2010 report were redacted.
  • Failing to ensure that those working with and around potential bioterror agents have received required training. The 2010 report says auditors could not verify that 10 of 30 employees sampled had the required training. The 2009 report says the labs “did not provide biosafety and security training to 88 of 168 approved individuals” before they were given access to work areas for bioterror agents.
  • Not ensuring that only approved individuals accepted packages containing potential bioterror agents arriving from other outside labs. The 2010 audit identified six unapproved people — five from a delivery contractor and one security guard — who received and signed for the packages. The 2008 report, which focused on security of arriving packages, also identified issues.

T the locations of the CDC labs examined by the IG were taken out of the reports, but Henderson told USA Today that audits in 2008 and 2010 were on labs at the CDC’s main campus in Atlanta, and the 2009 audit was conducted at the lab in Fort Collins, Colorado.

Following the  reports the CDC said last summer that it was planning to have its labs inspected by bioterror lab experts from the U.S. Department of Agriculture every twelve to eighteen months.. Since then the USDA has inspected CDC labs on two occasions, according CDC spokesman Tom Skinner, but the CDC has refused to share copies of the inspection reports, due to security reasons.