Alison Young

USA TODAY

The Centers for Disease Control and Prevention, which has faced congressional hearings and secret government sanctions over its sloppy lab safety practices, is keeping secret large swaths of information about dozens of recent incidents involving some of the world’s most dangerous bacteria and viruses.

CDC scientists apparently lost a box of deadly and highly-regulated influenza specimens and experienced multiple potential exposures involving viruses and bacteria, according to heavily-redacted laboratory incident reports obtained by USA TODAY. Several reports involve failures of safety equipment. In one, a scientist wearing full-body spacesuit-like gear to protect against lethal, often untreatable viruses like Ebola, had their purified air hose suddenly disconnect — “again” — in one the world’s most advanced biosafety level 4 labs.

After taking nearly two years to release laboratory incident reports requested by USA TODAY under the Freedom of Information Act, the CDC blacked out many details including the types of viruses and bacteria involved in the mishaps and often the entire descriptions of what happened. In several cases, clues about the seriousness of incidents is revealed because CDC staff failed to consistently black out the same words repeated throughout a string of emails.

The CDC would not answer USA TODAY’s questions about specific incidents, which occurred at the agency’s laboratory facilities in Atlanta and Fort Collins, Colo., during 2013 through early 2015.

“None of the incidents described in these documents resulted in reported illness among CDC staff or the public,” the CDC said in a brief emailed statement. Where incidents involved “inventory discrepancies,” the agency said generally the problems were addressed without posing a risk to anybody. The CDC said incident reports cover a time period before the Atlanta-based agency created a new lab-safety office in the wake of three high-profile incidents during 2014 with anthrax, Ebola and a deadly strain of bird flu.

USA TODAY’s “Biolabs in Your Backyard” investigation has revealed hundreds of safety incidents at public and private research facilities nationwide and highlighted how many university, government and private labs have fought to keep records secret about incidents and regulatory sanctions. The USA TODAY investigation also exposed that more than 100 labs working with potential bioterror pathogens have faced secret federal sanctions for safety violations, yet regulators allowed them to keep experimenting while failing inspections, sometimes for years.

USA TODAY also revealed details about the operations and safety records of more than 200 high-containment labs across the nation, facilities whose identities have eluded even the Government Accountability Office.

In an effort to determine the extent of the CDC’s lab-safety problems, USA TODAY filed a request on Jan. 6, 2015 under the Freedom of Information Act (FOIA) seeking copies of lab incident reports for the previous two years .

But the 503 pages of records the CDC released in many cases look like Swiss cheese when an incident involves any pathogen that is on a federal list of potential bioterror pathogens, called “select agents.” They include pathogens such as those that cause anthrax, Ebola, plague or certain avian or reconstructed flu virus strains.

The CDC cites a 2002 bioterrorism law to justify its redactions. That law allows withholding from the public certain records filed with regulators or information containing specific “safeguard and security measures.”

However, in many cases, the CDC blacked-out information from lab incident reports that the agency often promotes when touting its capabilities and accomplishments on its website or in scientific journals, such as the fact that the CDC operates biosafety level 4 labs, the highest safety level, or that it studies specific organisms like the Ebola virus.

The CDC said it stands by its redactions.

The effort to keep details secret comes despite a 2015 White House memo to federal agencies calling for greater transparency in releasing information about research and incidents involving select agent pathogens. White House experts noted that withholding information often "has negligible security value" and that transparency can help improve public trust.

The CDC completely withheld 36 pages of lab incident records. In several other reports, the CDC redacted every word about what happened. In an August 2014 email with a subject line of “Lab Incident,” CDC blacked out the name and title of the writer. The author started the note: "When I came in this morning.” Then the agency has blacked out about 10 lines of text, citing the bioterrorism law. The agency, however, did disclose the writer’s final sentence: “Please let me know if you have any questions.”

The CDC also redacted every word in a lab accident report from December 2013 that apparently involved a dangerous strain of influenza virus. Several CDC staff copied on the email are people who were involved in the agency’s controversial work in 2005 using reverse genetics to reconstruct the 1918 flu pandemic virus, which had killed as many as 50 million people worldwide. The only types of flu designated as select agents, and potentially covered by the bioterrorism law are specimens of the 1918 influenza virus and certain deadly strains of avian influenza. The CDC did not answer USA TODAY’s questions about what pathogen was involved or whether anyone was treated for potential exposure.

Some records contain more clues than others about what went wrong.

“The air hose connector on my suit came off while I was working in [redacted] again,” a CDC scientist wrote in a May 2013 email to other agency staff, who other records show have a history of being part of the agency’s Viral Special Pathogens Branch, which works with deadly viruses like Ebola. The scientist wrote that a colleague helped them “get out safely, reattaching my hose as best he could … I live to work another day!” The CDC sought to conceal that the incident occurred in a biosafety level 4 lab, blacking out a checkbox from the top of the form that corresponds to a BSL-4 lab on the agency’s main Atlanta campus. But it failed to redact the same information in some other reports. The form says the incident occurred while the scientist was working with mice infected with a virus, but the CDC blacked out the name of the virus. The CDC sent out a mass email to about 40 lab workers the same day reminding them to make sure that their protective suits are in working order and to “be sure to pay attention to your breathing air hose” and ensure that connections are tight, the records show.

In a February 2015 string of emails that involves what employment records show are multiple members of CDC’s influenza division, the agency cited the bioterrorism law in blacking out the entire subject line. In one email, the first word in the short subject line remained. It says: “Missing” and is followed by a short redaction that is likely the name of a pathogen. The emails discuss whether a report will need to be filed with federal select agent lab regulators and says: “I will need a detailed summary of the search for this box from everyone involved in the search.” The only types of influenza viruses that would require reporting to select agent regulators are deadly strains of avian influenza and specimens of the resurrected 1918 flu virus. The CDC wouldn’t answer any of USA TODAY’s questions about what was in the missing box of pathogens or whether it was ever found.

The missing box may not be the only influenza specimens the CDC couldn’t account for. In another email string from January 2015, the subject line says: “Report Additional Inventory Discrepancies — Flu Division.” However in one of the emails, the CDC blacked out the words “Inventory Discrepancies” by citing the bioterrorism law.

There was a “possible biological exposure” at a CDC lab in Fort Collins, Colo., in May 2013, according to a printout from the agency’s Medgate tracking system. However the CDC blacked out all words contained in the “Long Description (What Happened)” and “Five Why Analysis” fields, citing the bioterrorism law. According to limited information released on the form, the primary source of the injury was “Insects arachnids (spiders, ticks, scorpions etc.)” and the secondary source was “Select Agent.” The field for findings says only: “The only re-training that might be necessary is to remind staff to transport tubes vertically.” The CDC wouldn’t answer questions about what happened in the incident or what pathogen was involved.

In August 2014, a CDC lab worker suffered a “potential finger puncture from a glass capillary containing” a type of select agent pathogen that has been blacked out by the CDC. “I could not find a hole in my glove. I immediately washed my hands,” the printout from an electronic reporting system says. The full description of what happened in the incident was not viewable in the electronic form when the CDC printed the page it released. Elsewhere on the form, however, limited information provides intriguing clues. One part of the form discloses: “To evaluate if vial contained vaccinia. To evaluate the condition of Vaccinia. To understand how stable” — and the rest is redacted citing the bioterrorism law. The phrase indicates the scientist was evaluating the stability of a pathogen specimen over time. Vaccinia is a type of virus used in vaccines that protect against the smallpox virus, which killed three out of every 10 people it infected before being eradicated. While vaccinia is not a select agent, the smallpox virus is. In July 2014, a few weeks before this lab incident, long-forgotten vials of vaccinia and smallpox viruses dating back to 1946-1964 were discovered in a cold-storage room at the National Institutes of Health in Bethesda, Md., and some of the vials were sent to CDC for evaluation. The CDC would not answer USA TODAY’s questions about whether the specimens in lab incident came from the discovery of forgotten vials at the NIH in July 2014 or whether the redacted pathogen name was the smallpox virus.

In addition to being a lab operator, the CDC co-runs the Federal Select Agent Program that inspects and regulates government, university, military and private labs that works with these regulated viruses, bacteria and toxins. The U.S. Department of Agriculture is CDC’s partner in the regulatory program.

After winning a Freedom of Information Act appeal last year, USA TODAY revealed that the CDC is among a small group of biolab operators nationwide that have the worst regulatory histories in the country, receiving repeated sanctions under secretive federal regulations. The CDC had previously cited the 2002 bioterrorism law to keep secret the names of government, public and private labs — including its own — that have been suspended or that have faced enforcement actions for violating safety and security regulations in their work with potential bioterror pathogens.

In CDC’s recent document release, when incidents involved pathogens not on the select agent list, more details were sometimes available.

In April 2014, a mangled box filled with biological samples — at least one of them broken — arrived without any labels that it contained infectious materials by regular United Parcel Service delivery to the desk of a CDC worker, rather than to a laboratory, according to a 40-page email string about the incident.

The box, from the North Carolina State Laboratory of Public Health, had been shipped in a re-used box without appropriate packing materials and arrived with a “gaping hole” in one corner, according to the CDC emails. Inside the box were specimens of bacteria that cause potentially life-threatening Typhoid fever.

“I’ve learned that there are indeed some tubes of Salmonella Typhi in this box, not sure if any are broken (don’t really want us to get our hands in the box we already know is contaminated and has broken glass in it to find out),” wrote Jean Whichard, team leader of the CDC’s National Antimicrobial Resistance Surveillance Team, in an email to other CDC staff investigating the risks posed by the shipment.

In the end, the CDC determined that only one vial broke and it contained Salmonella Newport bacteria, which has been associated with food-borne illness outbreaks. At least two CDC workers who handled the package underwent occupational health evaluations. In a later email, Whichard wrote “luckily no tubes flew out of the breach in the box during shipment, and I just gingerly lifted each tube out with forceps to confirm that none of the Typhi tubes broke.”

Officials at the North Carolina lab said they were unable to provide comment because of the recent holidays.

To read the records released by the CDC in response to USA TODAY's January 2015 Freedom of Information Act request, go to: CDC incident reports. Read full coverage of USA TODAY's investigation of safety issues at the CDC and other public and private lab operators: biolabs.usatoday.com.

Follow USA TODAY investigative reporter Alison Young on Twitter: @alisonannyoung

CDC lacked key lab incident reporting policy despite scrutiny, promises

Safety experts slam lax safety practices at CDC labs

CDC labs repeatedly faced secret sanctions for mishandling bioterror germs

CDC failed to disclose lab incidents with bioterror pathogens to Congress