Payroll of Healthcare Providers Threatened by Ransomware Attack on Kronos

The number of healthcare providers affected by the recent ransomware attack on Kronos has been growing over the past few days. Seven healthcare providers have now confirmed they have been affected by the attack.

Kronos is a Lowell, MA-based workforce management and human capital management solution provider that many healthcare organizations use for payroll, scheduling, and other services. On December 11, 2021, Kronos discovered unusual activity in its systems deployed within the Kronos Private Cloud. Steps were immediately taken to investigate the activity and block any unauthorized access. The activity was rapidly determined to be a ransomware attack that affected parts of its cloud environment where Ultimate Kronos Group (UKG) solutions are deployed, including UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling.

UKG said it engaged a leading cyber security firm to assess and mitigate the attack, and the investigation into the breach is ongoing. The affected solutions remain offline, and Kronos has strongly suggested that its clients evaluate and implement alternative business continuity protocols for the affected UKG solutions, as it may take several weeks to restore system availability.

Seven healthcare provider clients have recently confirmed that they have been affected by the ransomware attack: Allegheny Health Network, Highmark Health, Baptist Health, UF Health, Ascension, Shannon Medical Center, and Franciscan Missionaries of Our Lady Health System.

San Angelo, TX-based Shannon Medical Center, Jackson, FL-based Baptist Health, Gainesville, FL-based UF Health, and Indianapolis, IN-based Ascension St. Vincent Hospital said payroll has been affected and they have switched to alternate systems to ensure their employees get paid, while Pittsburgh, PA-based Allegheny Health Network and Highmark Health said they are doing everything they can to ensure employees are paid on time.

Baton Rouge, LA-based Franciscan Missionaries of Our Lady Health System used Kronos for timekeeping and scheduling and has switched to emergency downtime procedures to ensure there is no disruption to its services.

The American Hospital Association (AHA) said it has received several reports from members confirming they have been affected and are working to minimize disruption. “A lack of the availability of those services could be quite disruptive for health care providers, many of whom are experiencing surges of COVID-19 and flu patients,” said John Riggi, AHA senior advisor for cybersecurity and risk. “This attack once again highlights the need for robust third-party risk management programs that identify mission-critical dependencies and downtime preparedness. If mission-critical third-party services are made unavailable due to a cyberattack, it may result in disruptions to hospital operations. As such, we urge all third-party providers that serve the health care community to examine their cyber readiness, response, and resiliency capabilities.”

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.