Payroll of Healthcare Companies Threatened by Ransomware Attack on Kronos

The number of healthcare organizations affected by the latest ransomware attack on Kronos has been increasing in the past few days. 7 healthcare companies have now reported that they have been impacted by the attack.

Kronos is a workforce management and human capital management solution provider based in Lowell, MA that a lot of healthcare providers utilize for payroll, scheduling, and other services. On December 11, 2021, Kronos found strange activity within its systems employed inside the Kronos Private Cloud. Steps were promptly done to look into the activity and stop any unauthorized access. It was quickly identified to be a ransomware attack, that had an impact on areas of its cloud environment where Ultimate Kronos Group (UKG) solutions are used, which include UKG TeleStaff, UKG Workforce Central, Banking Scheduling, and Healthcare Extensions.

UKG stated it hired a top cyber security company to examine and mitigate the attack and the scrutiny into the breach is ongoing. The affected systems continue to be offline and Kronos has strongly advised its clients to assess and employ substitute business continuity methods associated with the impacted UKG solutions since it may take a couple of weeks to recover system availability.

Seven healthcare provider clients have recently affirmed that the ransomware attack had affected them. They were: Allegheny Health Network, UF Health, Ascension, Highmark Health, Shannon Medical Center, Baptist Health, and Franciscan Missionaries of Our Lady Health System.

Shanon Medical Center based in San Angelo, TX, UF Health in Gainesville, FL, Baptist Health based in Jackson, Fl, and Ascension St. Vincent Hospital in Indianapolis, IN mentioned that payroll was impacted and they have employed other systems to make sure their workers get their salaries, while Allegheny Health Network based in Pittsburg, PA, and Highmark Health explained they are doing what they can to make certain staff members are salaried promptly.

Franciscan Missionaries of Our Lady Health System in Baton Rouge, LA utilized Kronos for timekeeping and scheduling and has followed emergency downtime processes to make sure there is no interruption to its services.

The American Hospital Association (AHA) claimed it has acquired a number of reports from members stating they were affected and are working to reduce disruption. An insufficiency of the availability of those services can be quite bothersome for health care organizations, many of whom are going through surges of COVID-19 and flu patients, stated by AHA senior advisor for cybersecurity and risk, John Riggi. This attack again shows the demand for robust third-party risk management programs that identify mission-critical dependencies and downtime preparedness. When mission-critical third-party services are made unavailable because of a cyberattack, it may bring about interruptions to hospital operations. Therefore, we request all third-party companies that help the health care community to always check their cyber readiness, response, and resiliency abilities.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at