UVM restoring access to EHR weeks after cyberattack

The system's Epic electronic health record has been in "read-only" status at several of the system's sites, with MyChart patient portals also inaccessible.
By Kat Jercich
01:24 PM
People at keyboards in front of computer screens

The University of Vermont Health Network announced that it has begun restoring access to its electronic health record system at several sites, weeks after the system was hit with a major cyberattack.  

Currently, the Epic EHR is in "read only" status at inpatient and ambulatory sites at UVM Medical Center and at the ambulatory sites at Central Vermont Medical Center, Champlain Valley Physicians Hospital and Porter Medical Center. The network predicted that the restoration process would take several days.   

"We know the past few weeks have been extremely difficult ones – for patients as well as employees," read a statement posted Friday on the system's website. "This major step forward in the recovery from a recent cyberattack event should help alleviate some of the challenges we have faced and improve the efficiency of the care we provide." 


With the help of the FBI and the Vermont National Guard, the UVM Health Network has been wrestling to get its systems back in operation since it experienced a "significant" attack in late October.   

As of November 16, the system was still reporting outages across a number of its systems, most severely at the University of Vermont Medical Center. There, representatives advised patients to wait on scheduling a nonurgent appointment until the outages were resolved and noted that all laboratory results would be delayed, among other announcements.

Elsewhere in the network, patients were advised to expect slightly longer wait times and were also advised to bring a written copy of their lab or imaging orders if possible. The MyChart patient portal was also listed as inaccessible in several facilities.

Even sites that listed all available patient care services noted that electronic communication with the UVM Medical Center had been disrupted by the outage. 

"Federal authorities have directed us not to discuss the details of the attack on our IT systems in order to preserve the integrity of their investigation," said UVM Health Network president and CEO Dr. John Brumsted in a statement. "What I can tell you is that this attack was very broad in its reach. That means our response and restoration must be very carefully planned to be sure we can safely and securely restore our systems."


UVM is not alone in its vulnerability to a cyberattack. More than two million patients were affected by breaches reported in October alone, according to the U.S. Department of Health and Human Services.  

Although UVM has not offered details about the nature of the attack, the HHS found that slightly more than a third of the breaches reported to the agency in October took place over email, and about 40% took place over a network server.

The attack also took place the same week that HHS, the FBI and the Cybersecurity and Infrastructure Security Agency issued a bulletin warning of an "increased and imminent" danger of cyber threats against hospitals.


"This cyberattack happened in the midst of a global pandemic that shows no signs of slowing, making this situation even more troubling," said Brumsted. "That is why we are working so hard to prioritize the services that are most critical, and it is why we are investing significant time and human resources in manual processes that, while slower than in normal times, allow us to deliver care to those who need it most."  


Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.