Within clinical and public health microbiology laboratories where scientists work to diagnose infections and/or protect public health, the potential for biocrimes and insider threats is a serious risk that is often overlooked. These laboratories, which handle not only routine human pathogens but also antimicrobial resistant strains, emerging pathogens, and potential biothreat pathogens, must remain vigilant against those who might exploit their access for malicious purposes. 

Recognizing potential indicators is vital for laboratory directors, managers, and staff. This article explores the nature of biocrimes and insider threats, provides examples of past incidents, and offers guidance on how to identify and respond to these dangers.

Biocrime refers to the deliberate misuse of biological agents, toxins, or pathogens to cause harm, injury, or death to a specific individual or a small number of individuals.^1,2 This can include acts of sabotage, personal revenge, or intentional injury to individuals. Biocrime is often incorrectly grouped with bioterrorism, which is the intentional release of agents or toxins against a civilian population to cause mass panic, economic loss, or mass casualties for the purpose of ideological objectives.^1,2 Biocrimes are particularly insidious because they exploit the very tools meant to protect public health.

An insider threat involves someone within an organization who misuses their access to carry out a biocrime or other harmful acts.  There are both unintentional threats—negligence or accidental release—and intentional threats—a malicious insider with intent. Insider threats are especially dangerous in clinical and public health microbiology laboratories because of the access insiders have to pathogens, equipment, chemicals and reagents, protected health information (PHI), personally identifiable information (PII), and other sensitive laboratory information. These threats can stem from various motivations, including personal grievances (e.g., lack of recognition, skipped for promotion, termination), financial gain, ideological beliefs, or psychological issues.

Cases of biocrimes and insider threats

Contrary to the stereotype of an outsider breaking in, insider threats are laboratory staff with daily access to facilities, laboratory information systems, and pathogen stores due to their positions. Table 1 lists known examples of biocrimes committed by medical professionals; a few committed by laboratory staff are highlighted here:

1. Dr. Larry Wayne Harris, a private consulting microbiologist with extremist beliefs, became infamous in 1995 when he illegally acquired Yersinia pestis, the bacterium that causes plague. Harris used his credentials to order the bacteria under the guise of research. His plan was thwarted when the American Type Culture Collection (ATCC) became suspicious of the large quantity of bacteria requested and alerted authorities, leading to Harris’s arrest.

2. Diane Thompson, a medical technologist at St. Paul Medical Center in Dallas, Texas, deliberately contaminated pastries with Shigella dysenteriae in 1996, causing severe illness among 12 coworkers. Motivated by personal grievances, she also falsified laboratory reports to prevent diagnosing her ex-boyfriend’s infection. She was caught through the application of pulsed-field gel electrophoresis and serotyping epidemiological techniques, which traced the source of the infection to a strain in the laboratory.^1,3-5

3. Dr. Thomas Butler, a respected researcher at Texas Tech University Health Sciences Center, found himself at the center of controversy in 2003 when 30 vials of Yersinia pestis went missing from his lab. Although it was later discovered that Butler had destroyed the vials, his failure to document this action led to widespread bioterrorism concern, especially following the 2001 anthrax attacks. The U.S. District Court for the Northern District of Texas convicted him for mishandling plague samples shipped to Africa, lying to investigators, and defrauding the university.^6,7

Identifying insider threats: Behavioral indicators and the CRIME Framework

Identifying insider threats requires a keen awareness of potential behavioral indicators and an understanding of motivations driving an individual to commit a biocrime. It is important to note that displaying the below behaviors does not always mean a person has malicious intent or intends harm; instead, each incident should be holistically evaluated. This is a complex leadership challenge that many laboratory leaders are not comfortable handling. 

Lab Management Certificate

The Lab Management certificate is more than training—it’s a professional advantage.

Gain critical skills and IACET-approved CEUs that make a measurable difference.

Several key behaviors and motivations can serve as warning signs:

1. Unusual work hours: Employees who frequently work late or during odd hours, particularly when unaccompanied, may be attempting to access restricted areas or conduct unauthorized activities. Conversely, this behavior could also indicate the employee is overworked, has taken on too many projects, or is having home or family issues.

2. Accessing unrelated information: Individuals who access, copy, or bring home data or materials outside their normal scope of work without a valid reason may be seeking sensitive information for malicious purposes.

3. Sudden changes in behavior: Drastic changes in demeanor, such as becoming overly secretive, defensive, or hostile, buying things they can’t afford, or being overwhelmed by life crises, can indicate underlying issues that may lead to insider threats. As above, a change in behavior may indicate home, family, or other personal issues. 

4. Violation of security protocols: Repeatedly bypassing or ignoring security measures, such as failing to log out of systems, installing personal software, accessing restricted websites, or leaving secure areas unattended, may suggest malicious intent.

5. Novel or fixated aggression: A preoccupation or fixation with a person, especially with the intent to cause harm. New aggression may be a method for a person to experiment with aggressive behavior through acts such as animal cruelty, vandalism, theft, intentional rule-breaking, and leakage. Leakage is when a person provides a warning of intent to do harm, such as saying “Don’t eat those snacks, those are for specific people only” or “Call-in sick tomorrow, I have a feeling it will be a bad day”.

The CRIME framework is a tool used to understand the motivations behind insider threats. It includes five key indicators:

• Compromise: The individual may have been compromised through blackmail, coercion, or threats.
• Revenge: Retribution for personal grievances, such as perceived slights or workplace conflicts.
• Ideology: Strong ideological beliefs, whether political, religious, or social, for a cause they believe in.
• Money (financial gain): Financial pressures or the promise of monetary rewards.
• Ego: A desire for recognition, power, or control, believing they are above the rules or that their actions will prove their superiority.

Responding to suspected insider threats

If you suspect an insider threat in your laboratory, it is crucial to act swiftly and discreetly to mitigate potential harm. Here are the steps to take:

1. Report immediately: Confidentially report your concerns to your laboratory’s security officer, laboratory director, laboratory management, human resources department, or a designated insider threat program coordinator. Prompt reporting allows for timely investigation and intervention.

2. Document observations: Keep a detailed record, including time and date, of the suspicious behaviors or incidents that led to your concern. This documentation can be critical in an investigation.

3. Avoid confrontation: Direct confrontation about suspicious behavior must be weighed carefully. Laboratory managers should perform a threat analysis of the situation. Generally, it is recommended to not confront the individual directly. Confrontation can escalate the situation or tip off the potential threat, making it more difficult to intervene effectively by law enforcement. Laboratory managers can enlist the help of third parties by asking co-workers about strange behaviors. The employee may have confided to a co-worker about personal or home issues or even small pieces of information about their suspicious activities. Indirectly asking the suspicious employee, as well as with other staff to not raise suspicion, about laboratory concerns, stresses, or general “chit chat” can provide important key details.

4. Cooperate with investigations: If an investigation is initiated, cooperate fully with security personnel or law enforcement agencies. Provide all relevant information and follow their instructions.

5. Enhance security measures: Review and reinforce security protocols in the laboratory, such as restricting access to sensitive areas, ensuring proper logging of materials, and conducting regular audits. It is important to note that the U.S. Centers for Disease Control and Prevention (CDC) and the USDA’s Animal and Plant Health Inspection Service (APHIS) Federal Select Agent Program have requirements for obtaining and keeping organisms listed on the select agent list.

6. Promote a culture of security: Foster an environment where employees feel empowered to report suspicious behavior without fear of retaliation. Regular training on insider threat awareness can help reinforce this culture.

To protect both the workplace and public health, laboratory personnel must remain vigilant, understand the motivations behind insider threats, and recognize behavioral indicators. Establishing a culture of security through regular training, strict adherence to protocols, and proactive monitoring is essential. By taking these steps, laboratories can effectively safeguard against the hidden dangers that threaten their vital role in protecting society.

Table 1: Abbreviated list of biocrimes by medical and scientific professionals since the 1990s.

References:   

 1. Oliveira M, Mason-Buck G, Ballard D, Branicki W, Amorim A. Biowarfare, bioterrorism and biocrime: A historical overview on microbial harmful applications. Forensic Science International. 2020;314:110366. doi:10.1016/j.forsciint.2020.110366

2. Jansen HJ, Breeveld FJ, Stijnis C, Grobusch MP. Biological warfare, bioterrorism, and biocrime. Clinical Microbiology and Infection. 2014;20(6):488-496. doi:10.1111/1469-0691.12699

3. Bioterrorism and Biocrimes: The Illicity Use of Biological Agents Since 1900 (Center for Counterproliferation Research, National Defense University) 1-209 (2001).

4. Bridging Science and Security for Biological Research: Personnel Security Programs Meeting Report (American Association for the Advancement of Science) 1-45 (2013).

5. Christopher GW, Gerstein DM, Eitzen EM, Martin JW. Historical Overview: From Poisoned Darts to Pan-Hazard Preparedness. In: Bozue J, Cote CK, Glass PJ, eds. Medical Aspects of Biological Warfare (2nd Edition). Office of the Surgeon General Borden Institute, US Army Medical Department Center and School Health Readiness Center of Excellence; 2018:44-116:chap 1. Textbooks of Military Medicine.

6. Malakoff D, Drennan K. Plague Scientist Gets 2 Years. Science. Accessed September 1, 2024. https://www.science.org/content/article/plague-scientist-gets-2-years

7. Tanne JH. Infectious diseases expert sentenced to prison and fined. British Medical Journal. Mar 20 2004;328(7441):662. doi:10.1136/bmj.328.7441.662-d

8. United States of America, Plaintiff, v. Larry Wayne HARRIS, Defendant.,  (United States District Court, S.D. Ohio, Eastern Division. 1997). 

9. Stern J. The prospect of domestic bioterrorism. Emerging Infectious Disease Journal. Jul-Aug 1999;5(4):517-22. doi:10.3201/eid0504.990410