Healthcare systems are struggling to manage timekeeping and employee pay following a ransomware attack on one of the country's largest human resources management companies.
The Dec. 11 cybersecurity incident affected Ultimate Kronos Group, whose services are used by thousands of organizations, municipal governments, university systems and hospitals.
So far, the company has determined that the attack specifically impacts those using the Kronos Private Cloud, which houses banking and scheduling solutions as well as healthcare extensions, said Bob Hughes, UKG executive vice president, in a blog post on Monday.
"We took immediate action to investigate and mitigate the issue, have alerted our affected customers and informed the authorities, and are working with leading cybersecurity experts," a UKG spokesperson said in a statement.
Most hospital workers are hourly employees, and not being able to clock in and out using technology has caused major disruptions for health systems, said Rick Kes, healthcare partner at RSM.
"The payroll processing of a healthcare provider is much more complex than other industries, because you have specific types of shift differentials depending on what shift you're working, you have different rates that you get paid if you work on a weekend or a holiday," Kes said.
He said some health systems are thinking about basing paychecks on pay period averages, though overpayment and having employees owe money are major concerns.
UKG stated that it may be several weeks before the company is able to restore its system availability, and in the meantime recommended that employers schedule staff and conduct timekeeping manually, or use UKG time clocks to record time-punches offline until connectivity resumes.
"As many hospitals are faced with a surge in COVID-19, in flu patients, scheduling and deploying both clinical and non-clinical staff is extremely important," said John Riggi, senior advisor for cybersecurity and risk with the American Hospital Association. "When you have this disruption, it can actually impede hospital operations and potentially slow down care delivery."
Moving forward, Riggi said health systems need to employ robust third-party risk management programs to identify processes that are critical to hospitals' function, and prepare alternative procedures in the event that these critical services are lost due to a cyberattack.
"But defense is only half of the equation," Riggi said. "We strongly urge the government to continue to take countermeasures and undertake offensive operations against these foreign-based attackers that are risking public health and safety."
Healthcare data is especially desirable for ransomware attackers due to patient and payment information held by medical organizations, said David Pignolet, founder and CEO of SecZetta.
Care networks are typically more vulnerable to cybersecurity incidents because individuals lack training in technology and identity safeguarding, he said.
Currently, UKG is still investigating the nature and scope of the attack, and offering support for businesses' continuity plans. It is uncertain whether data was compromised or whether the attack was related to a flaw in Log4j, a common Java-based logging tool, that allows remote hackers to control systems that use certain software.
"Cybersecurity issues happen seemingly frequently now," Kes said. "And it's not like any one company is 100% secure from an attack like this. So it'll be interesting to see the impact this will have on the decisions that health systems make, whether or not they stay with Kronos or find other technology to use."