Sector Within Public Finance Most Impacted by Kronos Ransomware is Healthcare
According to a Dec. 21 article from the New York-based Fitch Ratings, an American credit rating agency, the recent breach of Weston, Fla.-based Ultimate Kronos Group's (UKG) Kronos Cloud Solutions platform could pose substantial, but temporary, management challenges for public finance entities that use the Kronos platform through the holiday season.
The article states that “UKG is the provider of one of the most popular and widely used payroll and workforce tracking systems for public finance entities. On Monday December 13, UKG announced that it was the victim of an ongoing ransomware attack affecting the Kronos Private Cloud, which hosts UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions. The company further disclosed that the Kronos Private Cloud solutions systems are currently unavailable and it may take up to several weeks to restore system availability for clients. The breach is forcing many issuers across the spectrum of public finance to resort to manually tracking and estimating employee hours, having to issue paper paychecks and possibly causing paycheck delays during the holidays.”
Further, “The sector most impacted by the UKG ransomware attack within public finance is healthcare, where Kronos’ payroll and workforce solutions systems have been popular. The breach should not affect clinical outcomes or add meaningful costs, except some added expenses activating contingencies to track hours and pay workers. That said, the timing is especially inopportune for the sector, with hospitals nationwide already grappling with increased COVID-19 cases amid the growth in the Omicron variant. Indeed, the American Hospital Association (AHA) stated that some hospitals and health systems have been impacted by this ransomware attack and urged all third-party providers that serve the healthcare community to examine their cyber readiness, response and resiliency capabilities.”
John Riggi, senior advisor for cybersecurity and risk, AHA was quoted in the statement saying that “A lack of the availability of those services could be quite disruptive for health care providers, many of whom are experiencing surges of COVID-19 and flu patients. We have received several reports from the field indicating that some hospitals and health systems have been impacted by this ransomware attack against Kronos. This attack once again highlights the need for robust third-party risk management programs that identify mission-critical dependencies and downtime preparedness. If mission-critical third-party services are made unavailable due to a cyberattack, it may result in disruptions to hospital operations. As such, we urge all third-party providers that serve the health care community to examine their cyber readiness, response and resiliency capabilities.”