Health authorities, hospitals and pharmaceutical companies are storing Covid-19 vaccines in secure, undisclosed locations and taking other steps to protect the shots against a looming threat: theft. As the leading vaccine candidates advance closer to use, vaccine makers such as Pfizer Inc. are deploying GPS software for tracking distribution and plotting fake shipments in dummy trucks to confuse criminals. Glassmaker Corning Inc. is equipping vials with black-light verification to curb counterfeiting. And some hospitals expected to be among the first vaccination sites are beefing up their pharmacies’ security systems. The goal, industry and health officials say, is protecting the shots against professional thieves who have a long history of targeting valuable medicines, and have pilfered Covid-19 tests, masks and other personal protective equipment during the coronavirus pandemic. “We are appropriately paranoid about anything that has to do with either cybersecurity or physical security and we are taking great precaution to ensure that these are safeguarded,” Paul Mango, deputy chief of staff for policy at the U.S. Department of Health and Human Services, said in an interview. The department has arranged for U.S. marshals to accompany shipments of vaccines, which are currently stored at undisclosed locations, once the shots are authorized for distribution, Mr. Mango said. Despite such measures, industry officials and logistics specialists worry the shots could be vulnerable to theft at weak links in the supply chain, such as distribution centers, truck stops and hospitals with lax security. Five large hospital systems and several states said in interviews they are more focused on ensuring that enough people take the shots and securing capabilities to store the vaccines at the required extremely cold temperatures, than possible theft. They added that they plan to use standard security steps, such as locking the vaccines in pharmacies. “They don’t want to admit it’s a problem,” said Anna Nagurney, a University of Massachusetts at Amherst professor who studies supply-chain logistics. “It’s another kind of expense for them.” Leading Covid-19 vaccine candidates from Pfizer, Moderna Inc. and other companies are in the final stage of testing. The shots could be authorized as early as November or December, according to Pfizer and Moderna executives. Though drugmakers have been producing doses, initial supplies are expected to be limited, making any shot a coveted commodity. Industry officials and experts are concerned they could be intercepted by sophisticated criminals, foreign governments or individuals eager to get vaccines before prioritized groups, such as health-care workers. “You are going to have people that will want to have access to the vaccine earlier,” said Juan Andres, chief of technical operations at Moderna, which enhanced security at manufacturing and storage facilities for its Covid-19 vaccine. “I do think that the vaccine needs to be protected.” Over the past five years, world-wide incidents such as theft and counterfeiting of pharmaceutical products rose nearly 70%, according to the Pharmaceutical Security Institute, a trade group. Thefts happen during pandemics. In 2009, local police arrested a man accused of stealing more than 900 doses of the H1N1 vaccine in Milwaukee outside a school where officials administered the vaccine, and later recovered the doses. To protect Covid-19 shots, several states say manufacturers or the federal government will ship the vaccine directly to hospitals and other vaccination sites to reduce the number of road stops. In Illinois, local health officials intend to secure the vaccine by keeping just enough to be used within two days. Vaccine makers plan to employ measures that in recent years have helped reduce theft, including the use of empty so-called dummy trucks to throw off thieves, industry officials and security experts say. Pfizer, which is shipping its vaccines in specially made, temperature-controlled containers, will use GPS software to track the location and temperature of the shots, to prevent unexpected deviations, a spokeswoman said. “The distribution at this scale of such a valuable product with such high care is going to be a very significant challenge for the industry,” said Shabbir Dahod, chief executive of TraceLink Inc., whose technology is being used by some vaccine makers to track their products in the supply chain. United Parcel Service Inc. said it plans to use a tracking tool that will tag shots the company is shipping so it can monitor them within two meters of their location. Premier Inc., a large group purchasing organization for hospitals, is encouraging members to treat Covid-19 vaccines similarly to controlled substances, which by federal law are required to sit behind two different locks and be inventoried by hand, said Soumi Saha, the company’s vice president of advocacy. “High demand, completely low supply,” she said of the vaccines. “That means extremely lucrative for the black market.” As an added safeguard, Philadelphia’s Jefferson Health hospital system plans to keep temporary subzero freezers for storing Covid-19 vaccines in rooms retrofitted with security cameras, cages and keycard authorization, said Brian Swift, chief pharmacy officer. Some hospitals, however, say they don’t plan on anything more than standard security measures, such as storing vaccines in locked pharmacies that require keycards to enter. “The biggest thing I’m concerned about with the [Covid-19] vaccine is storage,” said Debbie Simonson, vice president of pharmacy for Louisiana’s Ochsner Health System, which purchased more than two dozen subzero freezers and a dozen refrigerators. “I’m not really worried about somebody trying to come in and take them.” Relying on typical cyber safeguards might not be enough for securing the vaccines, according to Kevin McDonald, a cybersecurity consultant for MedSec. The freezers and refrigerators for storing Covid-19 vaccines are especially vulnerable to cybercriminals, he said, because such devices are hooked up to data networks and have a mixed history of sound cybersecurity. Source