UVM Health Delays Epic EHR Implementation After Cyberattack, COVID-19

The University of Vermont (UVM) Health Network announced it will revise and delay its upcoming Epic EHR implementation phases following a major cyberattack and subsequent COVID-19 vaccine distribution.

The newly scheduled timeline and second EHR launch phase will occur at the inpatient units at Porter Medical Center and Central Vermont Medical Center, along with the inpatient and outpatient units at Alice Hyde Medical Center. Leaders expect these to go-live in November 2021.

UVM Health leaders and Epic Systems scheduled the following EHR go-live in April 2022. This will include the inpatient units at Champlain Valley Physicians Hospital, and both the inpatient and outpatient units at Elizabethtown Community Hospital.

These newly proposed timelines depend on the Green Mountain Care Board approval, according to UVM Health.

“In 2020, our Network, like those across the world, experienced tremendous challenges due to the COVID-19 pandemic, only to be further encumbered by a ransomware attack,” said John Brumsted, M.D., President and CEO of the UVM Health Network.

UVM Health faced a substantial system-wide network outage following an October 28 ransomware attack on its computer network. The attack disrupted electronic communications across the health system and the radiology department also experienced significant delays.  

The attack affected at least six of the hospitals in the network. UVM Medical Center and its MyChart patient portal faced the brunt of the impact.

As a response, UVM Health Network and the governor of Vermont worked with federal law enforcement to aid the hospital’s recovery process. The Army National Guard Cyber Response Team deployed on November 5 and gave the health system a technological boost within a few days.

As of its most recent update, the health system is still recovering from the cyberattack. The patient portal remains unavailable and UVM Health it is working to restore that solution. UVM Health is also working with the FBI on its investigation into the matter.

On top of the cyberattack, the hospital is now administering the Pfizer-BioNTech and Moderna COVID-19 vaccines to its employees and state-identified community health care workers in Northern New York and Vermont.

“An electronic health record is one of the most significant things we can do to ensure high quality care and create a seamless experience for our patients,” Brumsted continued. “That is why it is absolutely critical to our patients, our people, and our communities that we get the implementation of this system right. Given the obstacles we faced over the last year, modifying our timeline for installation of the EHR is the right thing to do.”

Following a year-long approval process, the Green Mountain Care Board (GMCB) approved a $151.7-million Epic EHR replacement at four hospital affiliates of the UVM Health Network.

Before to the cyberattack, the health system aimed to complete the EHR replacement project over a six-year period. After the 2019 implementation, the next phase included the inpatient units at Porter Medical Center and Central Vermont Medical Center in March 2021. Phase three was scheduled for the inpatient units at Champlain Valley Physicians Hospital and for inpatient and outpatient units at Alice Hyde Medical Center and Elizabethtown Community Hospital in November 2021.

There were dozens of different EHR systems at each hospital in the network that were expensive to maintain and lacked in interoperability, said UVM Health. Additionally, the health system said the new system aims to support the transition to population health in both Vermont and New York.

UVM Health Network officials initially estimated replacing and maintaining the patchwork of EHR systems in use at affiliated hospitals would be significantly more expensive than implementing a new system.