Health News

Ransomware attack derails UVM's Epic implementation timeline

The University of Vermont Health Network announced this week that it was slowing down the planned rollout of its Epic electronic health record implementation following a cyberattack that is continuing to affect the system.  

The new second phase of the go-live will be pushed back eight months to November 2021, and the third phase will now be in April 2022.

“In 2020, our network, like those across the world, experienced tremendous challenges due to the COVID-19 pandemic, only to be further encumbered by a ransomware attack,” said UVM Health Network president and CEO Dr. John Brumsted in a statement.

“Given the obstacles we faced over the last year, modifying our timeline for installation of the EHR is the right thing to do,” he said.  


UVM embarked on its implementation to replace a patchwork of software applications that were not fully integrated – both within and outside of the hospital’s network. The first phase of UVM’s Epic implementation was completed in November 2019, when three UVM facilities began using clinical, scheduling, registration and billing functions for outpatient care.

In the second phase, inpatient units at Porter Medical Center and Central Vermont Medical Center, along with inpatient and outpatient units at Alice Hyde Medical Center, will be scheduled to go live in November 2021. Porter and Central Vermont were originally slated to go live in March.

Meanwhile, the third phase will include inpatient units at Champlain Valley Physicians Hospital and inpatient and outpatient units at Elizabethtown Community Hospital, pushed from November of this year to April 2022.

The system notes that these new timelines are contingent on the Green Mountain Care Board’s approval.  

The UVM Health Network is still experiencing consequences from the significant cyberattack that affected six of its hospitals in Vermont and upstate New York in late October, for which the state deployed the National Guard.

According to the system’s website, patients at the UVM Medical Center in Burlington and the Home Health and Hospice in Colchester may experience delays or disruptions in care. 

The incident compounded existing strains on resources from the COVID-19 pandemic, including the distribution of vaccines to employees and community healthcare workers.   

“We understand how frustrating and worrisome this disruption can be for you and your family, and we apologize for this experience,” reads a statement on the site.  


UVM was among several high-profile victims of cyberattacks in 2020, with systems such as Universal Health Services and the University of California, San Francisco targeted by opportunistic malware.

And, unfortunately, experts say that’s unlikely to change. The year 2021 will almost certainly see more challenges to cybersecurity, with bad actors continuing to take advantage of the COVID-19 crisis.  


“An electronic health record is one of the most significant things we can do to ensure high-quality care and create a seamless experience for our patients,” said Brumsted. “That is why it is absolutely critical to our patients, our people, and our communities that we get the implementation of this system right.”  


Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: [email protected]
Healthcare IT News is a HIMSS Media publication.

Source: Read Full Article