The December 11th ransomware attack levied against Ultimate Kronos Group (UKG), commonly simply referred to as “Kronos,” has left organizations, businesses and individuals to fend for themselves as the effects of the human resource company’s now limited operations leave paychecks in limbo. As the new year begins, many are left still struggling after weeks without service due to the hack.
As expected, the effects of the Kronos service outage have had serious consequences across organizations both private and public. Many workers have experienced disruptions in pay, and companies are struggling to keep accurate records when it comes to hours worked, overtime and more.
Healthcare and the Kronos hack
Healthcare organizations seem to have been disproportionately affected by the disappearance of Kronos’ services. Many employees are less than optimistic when it comes to their faith in Kronos and their employers to get back on track.
Staff at University of Florida Health (UF Health) have experienced two weeks of payroll inaccuracies, with some workers looking to leave the facility and find work elsewhere as the hospital flounders with maintaining the books.
“People are fed up. They’re gonna go. They’re not going to stay. No one wants to work for free,” said a UF Health employee who chose to remain anonymous for fear of the hospital retaliating.
“If we are recording our hours on timesheets and you know already how much we’re making and you can calculate that with a calculator, then we should do that,” the UF Health employee continued.
UF Health maintains that it is waiting for instructions from Kronos, and is doing the best it can logging hours manually. Their statement does little to comfort those who already live paycheck to paycheck.
MaineHealth, another healthcare provider and one of the state of Maine’s largest employers, has also been grappling with the effects of the Kronos hack.
“Though this ransomware attack affects employers worldwide, it is especially unfortunate that our care team members have to deal with this at a time when the pandemic is at its peak in Maine,” said chief financial officer of MaineHealth Al Swallow.
Staff members at Atlanta, Georgia’s Grady Memorial Hospital have reported receiving checks for as little as 75 cents. Some have not received checks at all.
As COVID-19 infections soar and hospital staff regularly maintain hours far in excess of their scheduled time, the additional economic pressure being experienced by those who aren’t receiving pay is placing more stress on a workforce that is already beyond the breaking point.
Public services and the Kronos hack
School districts, police departments and other public services also are feeling the pressure as the Kronos hack closes in on its third week of service disruption.
Texas’ Forth Worth Independent School District has resorted to “old fashioned” methods of time keeping. The school’s executive director of external and emergency communications, Claudia Garibay, said that the school is “working with our division of technology to develop a time capture application that we’ll have here in the near future.”
Private companies and the Kronos hack
Nestle and Tesla are two of the largest companies affected by the Kronos hack.
Nestle spokeswoman Dana Stambaugh said that “this (hack) will have no impact on our ability to pay our employees.”
Tesla has not made a statement regarding the hack, nor has CEO Elon Musk made any mention of the hack officially or on his Twitter feed.
The effects of the Kronos hack are being experienced differently depending on how much integration a company has with their services and which of their tools they employ.
What is Kronos doing about the ransomware attack?
For it’s part, Kronos has been keeping a logged record of their restoration process that is available for public view.
While transparency and a detailed list of the company’s efforts is laudable in a world where hacks and breaches quickly fade from both headline news and PR statements, the online archive seems perfunctory. When considered with Kronos’ initial instruction for clients to, more or less, figure out how to navigate their absence on their own, the company’s updates give the impression of a box to be checked in order to save face more so than a carefully constructed plan.
Kronos has provided a small suite of “Interim Solutions for Time and Scheduling” that include Excel files and a piece of software that will collect and store time clock punches for when services are restored.
Many of the steps that Kronos is instructing businesses to undertake to restore services require downloading checklists, watching videos, connecting with a representative from the company and learning how to manage new methods by which to collect payroll data.
Kronos’ provided tools and recommendations put picking up the real world mess of their outage squarely on the shoulders of their customers, continuing to underline how a lack of protocols in the event of a major cyberattack can result in the responsibility for the fallout trickling down to paying customers as opposed to the organization entrusted with critical tools and data.
Kronos has reported on its status update page that those affected by the ransomware attack can expect to hear from a company agent who will assist them directly in restoring services between January 3rd and January 7th.
However, a post published on January 1st beginning with a tone deaf wish for a “happy new year” stated that more details would be forthcoming “tomorrow,” which would have been January 2nd.
As of the morning of January 3rd, no new correspondence has been posted.
Undoubtedly, organizations across the country are eagerly awaiting a return to regular services as they continue to make do with pen and paper records, unlogged hours and a lack of cohesive protocols with regard to the absence of human resource services. For them, these updates may allow them to pass progress reports on to their workforces to assure them that work is underway.
However, the workers and employees directly affected by missing, lacking or inaccurate paychecks likely aren’t interested in Kronos’ “good faith” efforts to fix the mess after the fact. One can hope that the scrambling taking place in the wake of this hack will provide an incentive for more major companies to develop strict, detailed procedures to shield their customers from the effects of cyberattacks, whether successful or merely attempted.
Barring a market wide enlightenment, however, until major companies feel sufficient economic or regulatory pressure to strengthen their cybersecurity protocols and adopt responsibility for their inaction, it is likely that 2022’s ransomware and cyberattack landscape will deviate little from the trends set over the previous year.
How to avoid cybercrime
Cybercrime doesn’t just happen to major corporations, in spite of what headline news may imply. Small businesses are often targeted by hackers due to their limited resources and their belief that they need not invest in security due to their inconspicuous size. Here are some tips to help you stay safe online:
Use strong, random passwords. Use a password generator to create impossible to guess passwords, and don’t use the same password across multiple websites or accounts.
Keep up to date on the ways in which to identify phishing scams and malicious links. The hack of Robinhood took place when a criminal convinced an employee to provide sensitive data over the phone. Cybersecurity training is key.
Keep your operating systems, software and apps updated. You can easily update your hardware and still keep your budget intact by purchasing refurbished equipment from a reputable supplier.
- INVESTIGATES: Payroll system hack continues, UF Health employee urges hospital to step up – Action News Jax by Gretchen Kernbach, 31 Dec 2021, Action News Jax
- Kronos ransomware attack impacts major Maine employers | Security Systems by SSN Staff, 27 Dec 2021, Security Systems News
- Fort Worth school district payroll affected by Kronos hack by Jessika Harkay, 15 Dec 2021, Fort Worth Star-Telegram
- Grady Hospital payroll affected by ransomware hack, paychecks delayed – Decaturish – Locally sourced news by George Chidi, 23 Dec 2021, Decaturish
- UPDATED: Nestlé, Ascension Wisconsin among victims of massive ransomware attack | Local News | journaltimes.com by Adam Rogan, 20 Dec 2021, Kenosha News