AnMed Works to Fix Payroll Issues after Kronos Ransomware Attack
Wednesday, December 15, 2021 at 9:24PM Observer and Wire Reports
AnMed Health was faced with the challenge of shifting payroll to a manual system after the ransomware attack on the cloud-based human resources management company Ultimate Kronos Group (Kronos).
Kronos is used widely around the U.S. by businesses and governments to track employees' hours and to issue pay. Its many customers include municipal governments, meida companies, university systems, nonprofits and large corporations.
Payroll management is a key part of Kronos, and companies using the service are left scrambling to get employees paid.
“Ensuring our teammates receive the proper compensation for their hard work is a top priority with the revelation of the incident that disrupted the time, attendance and scheduling system,” said Lizz Walker, a spokesperson for AnMed. “We have taken steps for our employees to receive their paychecks on time and keep track of their working hours.”
Some AnMed employees were concerned shifting to a direct payroll system based on previous paychecks could prove problematic due to the overtime and holiday pay included in the effected pay period, but one source said the health care system has promised to work with each employee to ensure they get paid for work provided.
Kronos said the ransomware attack has affected only customers that use a particular product called the Kronos Private Cloud, which includes AnMed.
"We took immediate action to investigate and mitigate the issue, have alerted our affected customers and informed the authorities, and are working with leading cybersecurity experts. We recognize the seriousness of the issue and have mobilized all available resources to support our customers and are working diligently to restore the affected services," a Kronos spokesperson said in a statement.
Employers that used Kronos to clock employees in and out of shifts may ask workers to manually track start and end times, while companies that rely on Kronos to issue paychecks may send out paper checks so long as the service is down.
Employers may also choose to issue generic paychecks that compensate employees for a baseline number of scheduled hours, rather than the actual hours worked — and later issue corrections as needed.
The Fair Labor Standards Act requires employers to track hours worked by employees no matter the timekeeping method used (in other words, via Kronos, a manual timecard or otherwise), then pay their workers promptly. Individual states may further govern exactly how often those paychecks must come.
As for personal data, what employee information is stored in Kronos — and therefore could be exposed to attackers — varies by employer.
In statements to employees, several companies said that they believed the most sensitive personal data, including Social Security numbers, had not been breached — but the city of Cleveland warned employees that the last four digits of Social Security numbers could be at risk.
The service could be out for "several weeks," according to a blog post by Bob Hughes, Kronos' chief customer and strategy officer. The post was published Sunday, though it was later inaccessible.
Because the fix could take long enough to affect payroll and scheduling operations, the company has urged employers to seek out "alternative business continuity protocols" while it works on a fix.