May 17, 2020

Why the Samsung Medical Center is not to blame for the spread of MERS disease

Hospital Leadership
Hospital Leadership
4 min
It is one of the countrys most intelligent buildings. It stands 20 stories high, is rooted five stories underground and sees more than 8,500 patients pe...

It is one of the country’s most intelligent buildings. It stands 20 stories high, is rooted five stories underground and sees more than 8,500 patients per day. Most recently, however, it has been blamed for the spread of the deadly MERS disease in South Korea.

Who is it? The Samsung Medical Center.

Regarded as “the jewel” of the country’s medical service, the center is a 1,306-bed hospital owned by the famous Samsung conglomerate, devoted to its model of being patient-centered.

The center is also where a 35-year-old man whose symptoms were misdiagnosed as pneumonia, languished for three days in an overcrowded emergency room and hallway, exposing dozens.

RELATED TOPIC: Can cellphone tracking slow the spread of MERS in South Korea?

Now, experts from the World Health Organization and South Korea have confirmed and traced 162 cases of MERS back to that patient at Samsung, calling him a “superspreader” and scrutinizing the hospital for its operations.

Historically regarded as the nation’s best hospital, the mistakes made by Samsung Medical Center are now the focus of much that has gone wrong to escalate South Korea’s MERS crisis—the worst outbreak since its initial appearance in Saudi Arabia in 2012.

But if we are going to isolate Samsung Medical Center as the cause for the spread of MERS in the country, we should also take a look at the entire health system in South Korea. For if it is the system that is flawed, can one hospital then really be to blame?

The Samsung Medical Center can’t be as ineffective as it is being made out to be seeing as how its staff diagnosed the country’s first case of MERS on May 20, attributing the discovery to their medical skills and expertise.

Meanwhile, it is believed inefficient emergency room management is the cause of the patient being left to wait for days in various parts of the emergency ward, potentially exposing the virus to an estimated 900 staff, patients and visitors.

It was not until May 29, when the Korean Centers for Disease Control and Prevention told Samsung Medical Center about the patient’s possible link to the first discovered case that the emergency room doctors were forced to react.

Yet, an over-crowded hospital condition is the norm for South Korea.

RELATED TOPIC: What you need to know about the MERS disease in South Korea

Low medical fees mean that hospitals must treat as many patients as possible to stay profitable, and therefore, there is no threshold. In addition, larger hospitals also get more crowded as family members and private nurses that are hired stay with patients. It is a social etiquette for South Koreans to visit hospitalized relatives, friends and colleagues, as well—all of these factors leading to the risk of close exposures in the health care setting.

“Even if one sympathizes with the awkward position in which Samsung Medical Center finds itself, what happened after May 29, when the 14th patient was diagnosed with MERS, was clearly the hospital’s fault,” Choi Gyu-jin, researcher with the Center for Health and Social Change told The Hankyoreh.

But conflicting statements from the World Health Organization further add to the logic not to place sole blame on Samsung Medical Center.

While initially attributing the cause of the spread to Samsung’s misdiagnosis and strategy, the World Health Organization later released a report explaining the reasons for cause of spread of the MERS disease.

“Conditions and cultural traditions specific to Korea have likely also played a role in the outbreak’s rapid spread,” the report reads. “The accessibility and affordability of health care in Korea encourage ‘doctor-shopping;’ patients frequently consult specialists in several facilities before deciding on a first-choice facility.”

RELATED TOPIC: Emergency preparedness for the modern hospital

If there is no stability in regards to which doctors sees which patient, how can the medical history of a patient be properly tracked, and within a reasonable amount of time?

“The Samsung Medical Center is a national hospital in the sense that there are no regional boundaries in medical service in the country and everyone wants treatment there,” Kim Woo-joo, head of the Korean Society of Infectious Diseases, reported to the New York Times. “The MERS outbreak was a stress test of our medical system, revealing its problems.”

Let's connect!   

Read the latest edition of Healthcare Global magazine!

Share article

Jun 13, 2021

How healthcare can safeguard itself against cyberthreats

Jonathan Miles
6 min
Jonathan Miles, Head of Strategic Intelligence and Security Research at Mimecast, tells us how the healthcare sector can protect itself from attacks

One of the most fundamental lessons from the COVID crisis is that health should always be a priority.  In a similar fashion to the human body that frequently fights off viruses and foreign invaders that intend to cause it harm, the sector itself is now a prime target for another type of external threat: cyberattacks.

The figures speak for themselves: between December and January this year, hospitals in the UK were at 89% capacity, with 7,000 fewer available beds than there usually are. As the pandemic increased pressure on hospitals, clinics, and research facilities to create a treatment for patients globally, it has left the sector exposed to hackers who, like a virus, have been targeting it relentlessly and evolving their tactics. 

From patient records being held ransom, to fake emails claiming to originate from the UN WHO, the NHS, or vaccine centres, through to attacks on the cold supply chain to find out the secret formula of the COVID vaccine, the healthcare industry is facing constant cyberattacks and struggling to cope. This threat is unlikely to go away anytime soon – and as such, the industry needs to take a proactive, preventative stance to stay safe in a dynamic digital world. 

Going digital 

The responsive nature of healthcare – particularly of hospitals – means that efficiency is crucial to the industry’s standard operations. To support this, the sector has been embracing technological advancements that can improve the quality of work, enabling staff to meet pressing deadlines, and enhancing patient care. For example, the industry has been digitising records and improving its ways of working through digital means over the past few years. 

This shift is critical to offer high quality patient care; yet, it also means the sector has become more dependent on IT, which can come with a risk if cybersecurity processes employed are deemed as inadequate. 

Without the correct security measures in place, the desired efficiency gains realised, can be easily lost in a heartbeat. Simply put, an elementary glitch in the system can have a tremendous ripple effect on many areas, from accessing patient records and conducting scans, to maintaining physical security and protecting the intellectual property of experimental treatment development.

To prevent this, healthcare organisations need to ensure they’re considering cybersecurity as part of their overall digital transformation strategy – and setting the right foundations to create a culture where safety goes hand in hand with patient care. 

Strengthening defences

Before implementing cybersecurity process, healthcare organisations need to assess the potential risks they face. Depending on how much confidential data the trust has, where it is stored, who has access to it and via which means, the cybersecurity strategy and associated solutions will change. 

It’s fair to say that a medical device start-up where all employees have a corporate-sanctioned laptop and access data via a VPN will have radically different needs to a large hospital with hundreds of frontline workers connecting to the hospital’s Wi-Fi using their personal device. 

These requirements will pale by comparison to a global pharmaceutical giant with offices in multiple locations, a large R&D department researching new treatments for complex diseases and a fully integrated supply chain. Considering the existing setup and what the organisations is looking to achieve with its digital transformation strategy will therefore have an immediate impact on the cybersecurity strategy.

Despite this, there are fundamentals that any organisation should implement: 
Review and test your back-up policy to ensure it is thorough and sufficient – By checking that the organisation’s back-up is running smoothly, IT teams can limit any risks of disruption in the midst of an incident and of losing data permanently.

In our recent State of Email Security report, we found that six out of ten organisations have been victims of ransomware in 2020. As a result, afflicted organisations have lost an average of six days to downtime. One third of organisations even admitted that they failed to get their data back, despite paying the ransom. In the healthcare industry, this could mean losing valuable patient records or data related to new treatments – two areas the sector cannot afford to be cavalier about.

Conduct due diligence across the organisation’s supply chain – Healthcare organisations should review their ways of working with partners, providers and regulatory institutions they work with in order to prevent any weak link in their cybersecurity chain. Without this due diligence, organisations leave themselves exposed to the risks of third party-led incidents. 

Roll out mandatory cybersecurity awareness training - Healthcare organisations shouldn’t neglect the training and awareness of their entire staff – including frontline workers who may not access the corporate network on a regular basis. According to our State of Email Security report, only one fifth of organisations carry out ongoing cyber awareness training.

This suggests it is not widely considered as a fundamental part of most organisations cyber-resilience strategy, despite the fact many employees rely on their organisation’s corporate network to work. By providing systematic training, healthcare organisations can help workers at all levels better understand the current cyberthreats they face, how they could impact their organisation, the role they play in defending the networks, and develop consistent, good cybersecurity hygiene habits to limit the risks of incidents. 
Consider a degree of separation – Information and Operational Technology (IT and OT) networks should be separated.

Although mutually supported and reliance on each other, employees shouldn’t be accessing one via the other. This should be complemented by a considered tried and tested contingency and resiliency plan that allows crucial services to function unabated should there be a compromise. Similarly, admin terminals should not have internet access to afford a degree of hardening and protection for these critical accounts.

As the sector becomes a common target for fraudulent and malicious activity, putting cybersecurity at the core of the organisation’s operations is critical. It will help limit the risks of disruption due to cyberattacks, reduce time spent by the cybersecurity team to resolve easily avoidable errors, and ensure that institutions can deliver patient care, safe in the knowledge that their networks are safe.  

Fighting future threats

With technology continuing to change the face of healthcare, the surface area and vectors available for attacks by malicious actors is constantly increasing. With the introduction of apps, networked monitoring devices, and a need for communication, the attack vector is ever expanding, a trend that needs to be monitored and secured against.

To prevent any damage to patients, staff, or the organisation they are responsible for, healthcare leaders must put security front and centre of their digital transformation strategy. Only then can the sector harness the full benefits of technology. Doing this should include implementing cybersecurity awareness training to challenge misconceptions around security, encourage conversation, and to ensure employee knowledge of the security basics and threats faced. 

This ultimately allows healthcare organisations to do what they do best: provide the highest standard of patient care, safe in the knowledge that their operations, patients, and data are safe.

Share article