PLATTSBURGH — University of Vermont Health Network officials say an important milestone has been reached in the recovery from last month’s cyberattack.
Monday brought the announcement that, over the weekend, access to the electronic medical record system, Epic, was restored at inpatient and ambulatory sites at the University of Vermont Medical Center (UVMMC) in Burlington.
UVMHN Champlain Valley Physicians Hospital in Plattsburgh is one of three component facilities that utilizes the system in its outpatient clinics. It was hoped access there could be restored soon.
“This is a big step in getting back to where we were prior to the cyberattack,” UVMHN Executive Vice President of Operations Al Gobeille said during a phone press conference Monday afternoon.
“Basically, Epic and several other applications and our infrastructure are now back live, but I do want to be clear that this will be an evolutionary process as we bring the totality of our applications back up.”
The cyberattack on the network’s systems Oct. 28 coincided with similar attacks on the country’s health care and public health systems.
The Federal Bureau of Investigation in Albany and the Vermont Department of Public Safety were working on a probe into the incident.
Reached Monday, FBI Albany Public Affairs Specialist Sarah Ruane said U.S. Department of Justice policy prevents her from commenting on ongoing investigations. Gobeille said the FBI has asked the network not to discuss the incident.
The resulting system-wide outage had varying effects on network hospitals, such as disrupted communications with the Burlington hub and patients having to call ahead to confirm appointments.
The network announced last week that read-only access to Epic was restored, which gave providers the ability to view patients’ existing health records.
“That allowed them to see schedules, medical histories, allergies, et cetera,” Gobeille said.
Epic’s full restoration means providers can use the platform as it was intended, including to write orders and input notes, UVMMC President and COO Dr. Stephen Leffler said.
Gobeille explained that, when the attack occurred, the network essentially took down Epic in order to protect it. The infrastructure had to be rebuilt before UVMHN could safely start it back up.
UVMMC is the only hospital in the network with the complete Epic package, while CVPH, Central Vermont Medical Center and Porter Medical Center only operate it in their outpatient clinics.
“It is hosted primarily by UVMMC, and so those clinics run through a protected gateway that we needed to make sure was safe once we got UVMMC up,” Gobeille said. “It’s really just a matter of going through the steps to get it done in a safe environment. “
Leffler said the facilities with only partial Epic rollout had good downtime procedures and were able to shift offline more easily, since they were less reliant on other Epic connections for inpatient care.
“It’s still tough for patients, we’re not minimizing that.”
On next steps, Leffler said the clinical team was prioritizing a list daily, with radiology constituting a major focus.
“Our clinicians are working every day as we get things back online to decide what we can and can’t do. We have not been doing some stroke care, because we don’t have access to some of the old images, and as of today that’s still ongoing, but it is getting better so I would think, in the very near future, we may be able to reevaluate that.”
Leffler noted that some processes may continue to take longer due to workarounds and the inefficiency attached to doing things by phone or paper.
Gobeille gave as an example how the application connecting the network to a Mayo Clinic Laboratories reference lab was down, necessitating manual operations.
“That application takes both Mayo and our folks to get it back up, and so we’re hopeful that that will be in the next day or two. The workaround is just way more time consuming.
“We have a very safe process for distributing results but it’s just not as efficient as having it go through the electronic medical record.”
Gobeille said, independent from UVMHN’s issues, Mayo was seeing longer turnaround times of COVID-19 test processing. As a result, the network started sending samples to the Broad Institute to get those times down.
“Starting at the end of last week, we’ve seen a really strong improvement in that."
As of Monday, the network did not know of any instances where patient information was compromised, Gobeille said, adding that they would work with the U.S. Centers for Medicare and Medicaid Services, and Health and Human Services to meet their standards for verification.
“If we do find any (information) was, we will notify each person immediately.”
Since Epic was up and stable Monday, that allowed the network to spend the day trying to plan for when other applications, and eventually all of them, could be back online, Gobeille said.
Leffler added that the cyberattack impacted more than 500 applications at UVMMC, and that staff were being told to prepare for having to wait at least a couple more weeks before operations return back to normal.
“It’s going to take time and, as we prioritize that list, some things will be low on that list. (Those applications) probably won’t be patient-facing, but we’re probably going to have weeks in front of us before we’re back to ‘normal.’”
Leffler said there will be an evaluation on what was learned from the cyberattack.
“We hope to never have it again, I’ll tell you that.”
Gobeille added that, as systems have been brought back up, every decision has been made with an effort to move toward protection and modernity.
“Even our email system is now a different system from Microsoft, than what we went into the cyberattack with. That’s all designed to protect us better.”
He described the event as an “arms race” between UVMHN’s cyber IT team and the “bad folks.”
“This stuff is evolving very quickly. We may get ahead of them right now, and they’re going to work really hard to pass us, and so we’re doing some things now to even be more secure and rebuilding things in different ways.”
Email Cara Chapman: