Duval County

Kronos Ransomware Attack: 3 local hospitals say employee pay won’t be affected

JACKSONVILLE, Fla. — Kronos, a major payroll platform, is the latest company to get hit by a cyberattack over the weekend.

The company has clients nationwide, including in Jacksonville.

With Christmas less than two weeks away, naturally, there are concerns from some employees about their paychecks being affected.

STORY: LIFT JAX propose nonprofit grocery store & job training center on the Eastside

The Ultimate Kronos Group has been hit by a ransomware attack that could affect the system for several weeks.

It’s part of the increasing trend in cyberattacks Mini Zeng has previously read about and studied. Zeng is an assistant professor of Computer Science and Cybersecurity at Jacksonville University.

“There’s more and more applications or software hosted online, people use networks, and that is why there is more vulnerabilities, more attacks,” Zeng explained.

Kronos — as the platform is called — is used for human resources tasks, including processing payroll, handling employee timesheets and helping employers manage their employees.

Some companies have been unable to process their payroll earlier this week.

Baptist Health, UF Health and Ascension St. Vincent all told Action News Jax Courtney Cole the ransomware attack had impacted them.

However, all three hospitals have taken steps to ensure they’re still able to successfully track timekeeping and process payroll, so employees will be paid on time.

Baptist Health also explained that even if there were something irregular about an employee’s schedule during the pay period for this upcoming check (i.e., an employee has worked some double shifts), the employee will still be paid the difference with a paper check.

Some other big-name clients that use Kronos are The Marriot, YMCA and Tesla.

Zeng told Action News Jax that typically computer application creators focus on the functionality of a program. But, focusing more on the potential vulnerabilities is a better way to protect data, which is what she teaches her students.

“We spend two or three weeks to teach students, code, programs in a secure way. To make sure their code, the programs they create, is robust,” said Zeng.

VIDEO: Family finds venomous snake in their Christmas tree

Cole also reached out to Ultimate Kronos Group (UKG) directly to ask who Kronos believes is possibly responsible for the ransomware attack, how long it’s expecting it to take before this incident is resolved, what steps Kronos is asking companies to take that have been affected, and if anyone’s bank information has been compromised.

Joele Frank from Wilkinson Brimmer Katcher, the public relations firm that represents UKG, responded via email with this statement:

“UKG recently became aware of a ransomware incident that has disrupted the Kronos Private Cloud, which houses solutions used by a limited number of our customers. We took immediate action to investigate and mitigate the issue, have alerted our affected customers and informed the authorities, and are working with leading cybersecurity experts. We recognize the seriousness of the issue and have mobilized all available resources to support our customers and are working diligently to restore the affected services.”

Additionally, a recent public update on the Kronos Private Cloud can be found here.

Comments on this article