The COVID-19 global pandemic has put a spotlight on the challenges of creating a reliable and safe vaccine cold chain storage system. The term cold chain refers to a supply chain that maintains strict temperature controls throughout the chain of transportation modes of products. The cold chain is particularly important in the healthcare industry because many medical products, including COVID-19 vaccines, have reduced efficacy or complete spoilage if they fall out of a specific temperature range.
Many countries did not have the infrastructure for a cold chain system through which large quantities of vaccines, produced by Pfizer, AstraZeneca, and Johnson and Johnson, could be transported. Developed countries rushed to rapidly update their supply of high-powered freezers, refrigerated trucks, and other equipment used for cold chain storage.
However, many people, and even company executives, don’t realize that the vaccine cold storage chain carries with it a number of vulnerabilities that make it a potential target for hackers and other malicious actors. For criminals with technical expertise, cold chain storage is vulnerable. Let’s explore how cold chain storage systems are set up and a few of the major potential weaknesses they have.
What is Vaccine Cold Storage?
Vaccine cold storage refers to a specific type of supply chain that is meticulously designed to keep vaccines at low temperatures throughout transit to destinations at hospitals, healthcare centers, and ultimately into patients. Pfizer vaccines are normally shipped in thermal shipping containers at ultra-low temperatures between -90 degrees and -60 degrees Celsius, or -130 degrees to -76 degrees Fahrenheit.
Normally, the thermal shipping containers that vaccines are stored in are insulated and contain dry ice, which serves to keep temperatures extremely low.
Healthcare centers must follow a specific protocol when opening the thermal shipping container and retrieving the vaccines. They must examine the shipping containers thoroughly and inspect them for damage. If damaged, healthcare professionals must contact Pfizer or the vaccine manufacturer to ask what next steps to take.
If healthcare professionals confirm that there is no damage to the shipping container, they must put on PPE equipment including gloves, masks, and goggles to remove the vaccines from the container. They must also put the shipping container in a room with adequate ventilation, since small leaks can result in an oxygen-deficient environment which can be hazardous.
After opening the shipping container, healthcare professionals can then press the stop shipment button on the temperature monitoring device. If storing the vaccines at ultra-low temperatures, which is recommended if possible, they must be removed with the tray without touching the vials and placed in a freezer at -90 degrees to -60 degrees Celsius within 5 minutes.
Some healthcare centers might not have ultra-low temperature freezers, in which case they can keep the Pfizer vaccines in a freezer with a temperature of -25 to -15 degrees Celsius. However, Dickson notes that vaccines stored at these temperatures can only be kept for a maximum of two weeks.
As you can see, the vaccine cold storage chain is quite detailed and specific. And supply chain workers who handle the vaccines at any point in the chain must be adequately trained and prepared to transport vaccines.
How are Data Loggers and Temperature Monitors Used for Cold Chain Storage?
An important part of ensuring the transport of vaccines is to consistently monitor the temperature of shipping containers, freezers, and other vaccine storage facilities. The healthcare industry has found that traditional thermometers can be quite inefficient for recording internal temperatures. As the healthcare industry, like all major industries, was subject to the forces of digitization, companies realized that they could use digital temperature recorders and data loggers to measure and record temperatures at regular intervals.
The introduction of data loggers in healthcare meant decreased human error, heightened automation, and more accurate temperature readings. It is therefore no surprise that data loggers are used extensively in the vaccine cold storage chain.
As mentioned above, the thermal shipping containers of vaccines are outfitted with data loggers to monitor the temperature of shipping containers at regular intervals. Moreover, after receiving vaccines, healthcare professionals click a button to end the shipment process, which automatically sends an email to the vaccine manufacturer to inform them that the vaccines have been successfully delivered.
Data loggers are also placed in the freezers of healthcare facilities that store vaccines to make sure that alerts are issued if temperatures deviate from acceptable ranges.
How Can Vaccine Cold Storage be Hacked?
Many people might not realize that the most common hacking techniques are actually not particularly technical or malware-driven. Known in hacking communities as social engineering, the most common way employees of large private and governmental organizations are manipulated is through behavior.
Even hacks that incorporate malware often also include a social engineering component in which the behavior of individuals, employees or third parties are manipulated and that often results in huge losses for companies targeted. One example in the case of hacking cold chain storage might be to hack the social media accounts of healthcare workers to gather compromising personal material which could be used to blackmail them. Hacking social media accounts is a relatively trivial task for experienced hackers, since various pieces of malware can be downloaded from the dark web which essentially do the job on their own.
After gathering compromising or embarrassing photographic or written material on employees’ social media accounts, this can be used to blackmail employees into tampering with vaccine cold storage shipping containers or freezers. Hackers could even coerce employees into giving vaccines to certain individuals who might not have been eligible to receive them otherwise.
This sort of technique is more common than you would think, particularly in developing countries where corruption is pervasive and vaccines are in short supply. Similar social engineering tactics could be used to compromise supply chain workers.
Aside from social engineering, hackers have a number of other techniques at their disposal, including distributed denial-of-service (DDoS) attacks, phishing attacks, and malware systems such as Pegasus.
How Can Hospitals and Clinics Protect Themselves?
The most important part of protecting hospitals and clinics from hackers is to carefully train employees and staff about the tactics hackers use. Hospitals and clinics should also make resources available for employees that are compromised by hackers, so that employees have somewhere to turn in the rare case that their social media or sensitive information is hacked.
Training should also include specific instructions on how to recognize phishing attacks. Phishing refers to hacking technique that includes sending a fake email to an individual which looks like it is from a reputable organization. In fact, the email is sent by a hacker, and it often requests the recipient to reset their password or disclose personal information.
In the case of vaccine cold storage, an example might be an email that appears to be from Pfizer which requests sensitive information from employees. Healthcare professionals should be trained on how to recognize potential phishing emails and report them to a cybersecurity team.
Hospitals and clinics should also make sure that they are using modern database infrastructure to protect themselves against SQL injection attacks. It sometimes makes sense to retain a cybersecurity firm, consultant, or subcontractor to make sure that their infrastructure is up-to-date. Cybersecurity teams could also play a role in helping to train employees.
Restrict Access to Temperature Displays and Use Secure Temperature Sensors
Hospitals and clinics should also segment their organization to restrict access to temperature displays and other sensitive data.
Making sensitive information only available on a need-to-know basis will make employees less vulnerable. In particular, you should keep the specific model of data logger used by your firm confidential. This prevents hackers from buying identical models to discover potential vulnerabilities.
Only designated personnel should be able to view temperature displays and data collected by data monitors.
Companies can also protect themselves by making data related to temperature levels less accessible on a hardware level. One example is for companies to install blinders on temperature displays of data loggers. These blinders are similar to those used for ATMs and voting machines and can help keep temperature data confidential.
Another approach is to get rid of real-time temperature displays entirely when they aren’t necessary. Restricting access to facilities where temperature displays are visible is a no-brainer and should be adopted by any company that wishes to limit access to temperature data. Even in rooms or areas where displays are located, adjusting the angle or positioning of displays to make them less visible can also be worth doing.
Companies should also consider which kind of temperature sensor they are using and use sensors that are more secure when possible. Traditional thermocouple sensors are often more susceptible to electromagnetic interference, so using a chemical sensor or integrated sensor can be more secure. Just keep in mind that the sensor you choose must be specific to the particular applications you are using it for since many of these more secure sensors can not be used to measure temperatures below -40 degrees Celsius.
A final step that cautious companies should take is to regularly move data loggers to different locations within the organization. When moving data loggers, it often makes sense to place them in the center of the room so that they can not be maliciously accessed through the wall of an adjoining room.
In conclusion, vaccine cold storage chains do present a potential risk to healthcare centers. It is crucial that staff is adequately trained and modern and secure software infrastructure is used in order to minimize these risks.