Solving the Eli Lilly Drug Theft

It turned out be the largest theft of prescription drugs in United States history, as described by the authorities, and it was intricately orchestrated and meticulously executed. The late-night operation lasted five hours, with the thieves descending into an Eli Lilly warehouse in Enfield, Conn., cutting a hole in the roof of the warehouse and lowering themselves with ropes after compromising the alarm system. Over the next five hours, they used a forklift inside the warehouse to load the drugs into a tractor-trailer and made off with approximately $80 million worth of prescription drugs, which were loaded into a truck and eventually driven to Florida.

The theft made national news and Eli Lilly quickly organized an internal effort to improve their processes and procedures around cargo and warehouse security says Bob Reilley, Chief Security Officer for Eli Lilly and Company. “My team immediately began working with our internal partners to include distribution and manufacturing united around our main priority, patient safety.”

Reilley and his team also began the process of cooperating fully with the Enfield Police Department and the FBI. “During my law enforcement career (local law enforcement and FBI) we were most successful when we worked with other agencies and combined efforts. This case was no exception to that,” he says. “The Enfield Police Department conducted a detailed crime scene investigation and the evidence gathered appears to have contributed to the ultimate charges that were filed.”

The FBI’s initial engagement was likely based on the assumption that the stolen product would be transported in interstate commerce, the potential for public harm and the size of the loss. “It was a figure that got everyone’s attention around the world to include the risk posed by organized groups of this nature,” Reilley says.

“The thieves probably had a plan to distribute the stolen drugs outside the secure pharmaceutical supply chain. Organized criminal groups of this nature are not concerned about patient safety or good manufacturing practices and that can negatively impact the ultimate consumer,” Reilley notes. “This was certainly not their first crime, but I don’t think that they were prepared for the attention this burglary received. That may have helped law enforcement as much as anything, along with their full engagement to keep the pressure on.”

But the story does have a better ending. The drugs were recently recovered in a Florida warehouse and will be destroyed when no longer needed as evidence. Several individuals have been indicted by a Federal Grand Jury in New Haven and Miami and were arrested in connection with the March 2010 burglary. Others included in the Miami indictment have been charged in connection with a string of drug, cigarette and liquor thefts in recent years, a theft from a GlaxoSmithKline warehouse in Virginia, and shipments stolen at truck stops in several states.

“For several years now, cargo theft in the pharmaceutical sector has been on the rise, exacting a terrible cost on the industry and danger to the public,” said David B. Fein, the United States Attorney for Connecticut, when the arrest was made. “Today’s arrests are an important step in ensuring the integrity of our drug supply chain.”

Eli Lilly examined internal external security controls and processes and pursued measures to improve them as a result of the burglary. Before the break in, Reilley says the company had a security vulnerability assessment process in place. “That process and the associated security measures did not deter the burglars who entered our warehouse,” he says. “From that point lessons learned and shared best practices became even more important.” Reilley and his team developed and documented suggested warehouse security practices and distributed them to their global partners, “to make sure that what happened to us does not happen to others,” he says. The suggested practices cover visitor and perimeter control, alarm system protocol and more. “Before this occurred we had logical security measures in place. Our practice going forward also includes globally recognized security standards. These measures can’t be implemented overnight, but we have begun the process in our company owned and third-party warehouses and logistic cargo holders throughout the world.”

“Along with security measures is there another deterrent factor for groups like this?” Reilley asks. “That’s where the attention of law enforcement comes into play. Give them the tools to conduct the investigation and gain the cooperation of those involved to disrupt and dismantle these organizations. This includes increasing the federal penalties for crimes of this nature where the theft of medical products can put patients at risk. Thieves will learn from their mistakes, so added security measures alone are not the answer. Lilly entered into a partnership in 2011 with six other pharmaceuticals companies, to form the Coalition for Patient Safety and Medicine Integrity to seek increased penalties for thefts of this nature. Thus far, we are optimistic based upon the support from the Senate and House that improvements will be made to increase the federal penalties. When it comes to medical products, there’s currently no distinction. The penalty upon conviction at present is the same whether it’s stolen life saving medical products, TVs or tires.”

Copper and Metals Allure

Thanks to many factors, the Eli Lilly case did not end up a cold case. Yet, deterring theft is an ongoing struggle for many security executives. According to the 24th Annual Retail Theft Surveyby Jack L. Hayes Intl., shoplifters and dishonest employees stole more than $6 billion in 2011 from just 24 major retailers. “In 2011, both the apprehensions and recovery dollars from shoplifters and dishonest employees rose; up 5.8 percent and 11.4 percent respectively,” says Mark R. Doyle, president of Jack L. Hayes International. “While shoplifter apprehensions rose 6.0 percent and dishonest employee apprehensions rose 3.3 percent, the recovery dollars from these apprehensions was up 13.9 percent for shoplifters and 5.6 percent for dishonest employees. It should also be noted that shoplifter apprehensions and recovery dollars have increased 8 of the past 10 years. The seriousness of retail theft is a much greater problem than many people realize. These theft losses are driving retail prices higher and putting some stores out of business.”

Metal thefts have increased, as well. A report from the National Insurance Crime Bureau (NICB) confirms what many have learned through news reports and, unfortunately, their own experience that thefts of copper and other metals are occurring all over the nation. Beginning in August 2009, NICB says that thefts steadily increased across the nation driven, once again, by rising prices for base metals – especially copper.

Whether the theft is an expensive personal irritant, like finding your catalytic converter has been stolen, or one that threatens public safety, as in the recent theft of copper wiring which blacked out runway approach lights at the Modesto, Calif., regional airport – metal thefts are increasing in frequency and severity.

In an unclassified intelligence assessment first released in 2008 and modified in 2010, the Federal Bureau of Investigation wrote, “Copper thieves are threatening U.S. critical infrastructure…and present a risk to both public safety and national security.”

Entire stretches of highways have been plunged into darkness, and traffic controls at busy intersections have been rendered inoperative.

According to the report, the top five states generating the most metal theft claims are Ohio (2,398); Texas (2,023); Georgia (1,481); California (1,348); and Illinois (1,284).

It’s a problem that Ray Ferrara, CPP, CFE is aware of. Ferrara is Corporate Security Manager for Ferguson Enterprises, Inc. in Newport News, Va. The company is the largest wholesale distributor of residential and commercial plumbing supplies, including pipe, valves and fittings in the U.S. Ferguson is also a major distributor of HVAC/R equipment, waterworks and industrial products and services. It employs 17,500 associates in 1,300 service centers located throughout the U.S., Puerto Rico, Mexico and the Caribbean.

For internal theft prevention, Ferguson Enterprises has a deterrent process that is backed by a strong ethics program and code of conduct, in addition to security and fraud awareness training for all associates. “Our awareness, prevention and detection programs educate our associates about the mechanism of external and internal theft. We also have confidential theft hotlines where people can report suspect incidents for internal review and investigation,” he says.

The theft of copper is an ever increasing concern, he says, as the company has copper and brass fittings, pipe, and other items that sell for high value as scrap. “It’s a management process to get people engaged because all of us are in this together. We are the Ferguson family, that’s what these efforts are about,” he says.

Beyond that, the Ferguson security team tracks copper and metal sales on sites such as Craigslist and eBay. They also have a shortage control program to take a deeper look at processes. To protect their yard areas in some threat prone locations, Ferguson has installed Videofied systems. In one instance, thieves who were trying to steal metal product were captured within 48 hours of the Videofied system install.

Brian Smith, Lead Security Specialist for Progress Energy in Raleigh, N.C., is working to mitigate the losses from copper theft from the company’s substations. Progress Energy includes two major electric utilities that serve about 3.1 million customers in the Carolinas and Florida. “Substations are difficult to secure,” Smith says. “In some locations we don’t have power or network or phone lines.” He estimates the company has lost $1.3 million from copper theft from 2009-2011.

Smith began to use the Videofied solution in 2009, as well. Since then, with the aid of Videofied and Law Enforcement, Progress Energy has interrupted 146 burglaries in process. The company estimates that those 146 burglaries would have cost $500,000.

“It’s unfortunate that so much time is spent with copper theft,” Smith says. “We have very little vandalism or internal theft. Not to say that we don’t have some issues, but they are minor. The majority of what we do is mitigating copper theft.”

A Holistic Approach

Curtis Shewchuk, Chief Security Officer for Con-way, Inc. uses a holistic approach to effectively manage risk and reduce theft. Con-way is a leader in the transportation and logistics industry, with 28,500 professionals and business models, in the U.S., Latin America, Europe and Asia.

“Our main focus is identifying risk and minimizing it,” Shewchuk says. “Our business units deploy all types of technology, including biometric, trailer tracking and access control, but our most effective tool is our employees,” he says. “They are our number one security and risk mitigation stakeholders and they are supported by sound and sensible policies and procedures, including employee engagement procedures. The whole thing is brought together by a culture that is developed at the top of each company. Security and safety are non-negotiable. When you get every employee understanding security, that creates a potent program for minimizing risk involved allegations of domestic terrorism.” One recent incident that Shewchuk and his team faced was Ali-M Aldawsari, who was arrested with attempting to detonate a weapon of mass destruction, namely a chemical-based improvised explosive device, possibly targeted for former President George W. Bush, according to an affidavit filed in the case.

Khalid Ali-M Aldawsari, who was a student living in Lubbock, Texas, is accused of purchasing chemicals and laboratory equipment that can be used to make explosives.

“In that situation, our holistic approach cast a net out to our business unit employees,” Shewchuk says. “Through security training, our employees identified the chemicals as suspicious shipments and activity. They immediately reported their suspicions to Con-way Corporate Security, who then notified and supported the FBI with the case. In that case and in each area, the approach helps us to mitigate everything on the front end from cargo theft to attempted acts of terrorism. Minimizing risk needs to be done in a very thoughtful way, where you have complete support from the executive leadership along with support from our customers, and engaging our employees so we always have positive results,” he says.

The Cell Phone and Theft

Buying a cell phone is more than the data plan: it’s about the phone’s features, buttons, how it feels in your hand. Joe Davis, director of Loss Prevention Operations & Major Investigations for T-Mobile in Bellevue, Wash., knows this well. One of the challenges that he faces in T-Mobile’s wireless stores, is the way that inventory is managed.

"We have smaller stores and we manage our inventory differently,” he says. “We don’t put shelves of inventory out, so our exposure with traditional shoplifting is minimized. But what is a risk is the live demo devices for our customers to interact with.” Over an 18-month period, Davis set out to reduce false alarms and theft with the devices. “There’s nothing more annoying than a honest person interacting with a demo device and the alarm goes off,” he says. “That causes a negative experience for the customer. Plus, our employees would turn off the system all together out of frustration to avoid the false alarms, so we had no protection.” The eventual product Davis would use had to be an obvious deterrent and not interfere with customer interface and experience. A third goal was to minimize maintenance and repair.

“We started to research companies that could support us with those goals. And we asked ourselves if the best case scenario existed. Each vendor had some critical deficiencies as it related to certain aspects and what we needed inside of our business.”

The solution was a steel tether with technology built in that minimizes false alarms, does not interfere with the customer experience and has reduced theft. It’s currently used in 70 percent of T-Mobile’s retail locations. “In the first full year of using it we saw a 43 percent percent reduction in demo phone losses in one year and a 93 percent reduction in our false alarm rate,” Davis says. “We also saw our total cost of ownership drop in the new stores by 30 percent versus stores that have the older devices. For us it was a win-win situation because we increased customer satisfaction as well.”

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

Organizations rely on application innovation, particularly API-driven applications, to fuel their business transformation and growth. Attackers know this and are constantly looking for ways to find the unfindable and break the unbreakable. They’ve got tools, motivation, and time on their side.