Cybersecurity News

Lasting Effects of Kronos Cyberattack Ripple Through Healthcare

A December cyberattack on HR management solutions provider Kronos is having lasting effects on healthcare workforce management and payroll services.

Lasting Effects of Kronos Cyberattack Ripple Through Healthcare

Source: Getty Images

By Jill McKeon

- HR management solutions provider Kronos, also known as Ultimate Kronos Group (UKG), is still recovering from a December 11 cyberattack that impacted Kronos Private Cloud customers across multiple industries.

Impacted healthcare organizations are still struggling with workforce management and payroll services as the recovery process continues.

Kronos has been providing frequent updates on its recovery process through a designated webpage. As of January 6, all impacted customers had been contacted by a dedicated UKG recovery liaison.

Below is a list of known impacted healthcare organizations along with information about each organization’s recovery status. This list will be updated as more information becomes available.

UF Health

UF Health Jacksonville employees told the News4JAX I-TEAM in early January that they were still waiting on overtime and holiday pay nearly six weeks after the attack. UF Health told the employees that they will receive the money they earned once Kronos has resolved the issue, the report stated.

READ MORE: Cyberattacks Increase Mortality Rates, But Healthcare Is In Denial

The Florida health system said that it has been paying its employees the same base pay they were receiving before the cyberattack. But employees who are working overtime and holidays will not see the extra time reflected in their paychecks until Kronos has fully recovered.

A spokesperson told the News4JAX I-TEAM that employees are manually filling out timesheets and the hospital is keeping track of all hours worked, but it would be very challenging to cut checks without the help of Kronos.

Shannon Medical Center

Two days after the cyberattack, the San Angelo Standard-Times reported that Shannon Medical Center in San Angelo, Texas was impacted by the Kronos ransomware attack.

Shannon Medical Center spokesperson Lyndy Stone told the local news outlet that the hospital had implemented downtime procedures to ensure that it can continue to process payroll for its staff.

No further updates have been provided since December 13.

Community Medical Center

READ MORE: MD Department of Health Systems Down 1 Month After Ransomware Attack

The Montana Nurses Association (MNA) sent a letter to Community Medical Center (CMC) on alleging that CMC failed to pay 257 nurses in December, according to the Missoulian. The letter stated that nurses have not been paid properly since December 3.  

MNA surveyed its members and found that nurses are missing on average $1,000, but some have been underpaid by up to $4,500. Salaried employees have no been impacted, but hourly employees are suffering the most, MNA told the local news outlet.

Rather than taking overtime, holiday pay, or hazard pay into account, CMC has been duplicating the December 3 paychecks for hourly staff.

CMC has guaranteed to reconcile outstanding wages and said that employees will be fully compensated by January 14.

“We appreciate the efforts made by CMC to rectify the ongoing pay crisis and we see your plan as a positive step toward resolution,” MNA’s lawyers wrote in a letter to CMC.

READ MORE: Critical, “Wormable” Microsoft Vulnerability Could Lead to Cyberattacks

“While we appreciate CMC’s assurance that a plan is in place, please note that ‘any unforeseen processing glitches’ resulting in underpayment of wages on January 14 will be seen as noncompliance.”

Care New England

Rhode Island-based Care New England will continue to pay about 7,500 employees manually until the Kronos attack is resolved.

Care New England told WLNE-TV that it has been tracking workers’ hours on a separate system that was not impacted by the ransomware attack.

Holiday pay and overtime will not be paid out until Kronos resolves the issue.

Allegheny Health Network

Allegheny Health Network, a Pennsylvania health system and member of Highmark Health, avoided major payroll inconsistencies amid the Kronos incident.

“Upon learning of the incident, AHN and Highmark Health immediately put a team together to assess the impact of a temporary Kronos shutdown and establish a contingency plan to ensure the Network’s payroll processing for employees continues uninterrupted until Kronos resolves the matter,” a spokesperson told HealthITSecurity via email on January 12.

“Our chief priority is making sure our employees are paid appropriately and on time until the Kronos system is back up, and we are confident the plan we have put in place is achieving those objectives. We have already processed two employee pay periods since the Kronos shut down with minimal payroll issues.”

UMass Memorial Health

UMass Memorial Health is also facing paycheck issues weeks after the ransomware attack, according to Spectrum News1. Employees are receiving paychecks equivalent to those they received in late November before the attack disrupted the hospital’s payroll system, even if they worked more or less hours.

“We are redeploying staff to work with payroll to get those times reconciled and to all the health care workers out there for UMass Memorial and elsewhere many other health care systems have been impacted by this," Eric Dickson, UMass Memorial Health CEO said in a public statement.

"I am so sorry that this has happened and I promise will make sure that you all get paid appropriately."

UMass Memorial is relying on staff to report if their paychecks are incorrect. Dickson said he hopes the situation will be resolved by early February.

Penn Highlands Healthcare

Penn Highlands Healthcare released its third recovery status update on December 29.

“At this time, they cannot advise us when the system will once again be operational since each of their thousands of clients must be reactivated individually,” the notice stated.

Employees will be paid for the hours that they manually submit, including holiday and overtime pay, to their supervisors as the payroll and HR departments work to ensure that every employee is paid.

Employees who are overpaid or underpaid will have their pay adjusted when Kronos is running again. Employees are still required to clock in and out and log PTO and sick time usage via timesheets.

Monument Health

Monument Health in South Dakota was forced to transition to manual record-keeping in the wake of the Kronos ransomware attack, according to a December 20 Rapid City Journal report.

“Our Payroll, IT and Human Resources teams completed payroll on Dec. 17, and Monument Health has asked hourly caregivers to continue using the time clocks while tracking their time manually,” Monument Health said in a December statement to Rapid City Journal.

“If Kronos does not come up by the end of the next pay period, we’ll have the manually tracked time available."

Ascension St. Vincent Hospital

Indianapolis-based Ascension St. Vincent Hospital was impacted by the Kronos breach, according to a December 14 report from FOX59.

“Like many companies, we have been impacted by the ransomware attack on Kronos,” a spokesperson told the local news outlet.

“While Kronos is working to address system issues, we have put in place alternate systems to track time and process payroll as scheduled.”

Ascension St. Vincent Hospital has not released any statements regarding its recovery since the December 14 report.