Kronos started notifying its customers over the weekend that it was the victim of a ransomware incident affecting the Kronos Private Cloud products Workforce Central, TeleStaff, Healthcare Extensions and Banking Scheduling Solutions. Kronos has not confirmed whether the incident is related to the Apache log4j zero-day vulnerability. Kronos has advised its customers that the incident may take several weeks to resolve and that they should implement alternative business continuity protocols, since the products might be unavailable for several weeks. For many companies, this means time entry and payroll services may be disrupted. Many brand-name companies are reportedly affected by the attack on Kronos, and the American Hospital Association has stated that hospitals and health systems have been affected, which is particularly difficult given the spike in Omicron COVID-19 cases in the United States.
Each customer will have to determine how to implement alternative business continuity protocols to function without the Kronos services, and what data may have been compromised in the attack. At this point, without more information, it is a waiting game to find out what happened and what was compromised. These incidents take time to investigate and resolve. Kronos has provided a web page of updates: https://www.ukg.com/KPCupdates
One thing we can do now is to develop backup and contingency plans around critical third-party vendors, especially in this day and age of catastrophic cyberattacks. It’s one thing to complete a tabletop simulation for your own company, but it’s just as important to simulate how you would function without the services of a critical third-party vendor.