Kronos ransomware attack impacting hospitals and health systems

Dec 14, 2021 - 11:53 AM
cybersecurity-hand-lock-graphic_900x400

A ransomware attack has impacted several Ultimate Kronos Group services that hospitals and other organizations use to manage their employees and payrolls, the HR management company has confirmed. According to an alert issued yesterday by the Health Information Sharing and Analysis Center, UKG has alerted impacted customers that the attack affects the Kronos Private Cloud, which includes UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions. Many hospitals and health systems depend on Kronos for timekeeping, scheduling and payroll. 

John Riggi, senior advisor for cybersecurity and risk, said, “A lack of the availability of those services could be quite disruptive for health care providers, many of whom are experiencing surges of COVID-19 and flu patients. We have received several reports from the field indicating that some hospitals and health systems have been impacted by this ransomware attack against Kronos. This attack once again highlights the need for robust third-party risk management programs that identify mission-critical dependencies and downtime preparedness. If mission-critical third-party services are made unavailable due to a cyberattack, it may result in disruptions to hospital operations. As such, we urge all third-party providers that serve the health care community to examine their cyber readiness, response and resiliency capabilities.” 
 

Related News Articles

Headline
AHA-supported cybersecurity bill introduced in House
AHA yesterday thanked Reps. Jason Crow, D-Colo., and Brian Fitzpatrick, R-Pa., for introducing a House companion to the Healthcare Cybersecurity Act (S.3904/H.…
Blog
Proofpoint Press Release on Cybersecurity Survey does a Disservice to Health Care Providers
A survey released in early September from Proofpoint, Inc., and the Ponemon Institute, on cybersecurity in health care raises important issues but appears to…
Headline
FDA reports potential cybersecurity risk with insulin pump system
The communications protocol for the Medtronic MiniMed 600 Series Insulin Pump System could allow an unauthorized person to access the pump to deliver too much…
Headline
HHS alerts health sector to monkeypox-themed phishing campaign
The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) yesterday alerted the sector to a monkeypox-themed phishing…
Headline
FBI: Cyber criminals targeting health care payment processors  
Cyber criminals are increasingly targeting health care payment processors to redirect payments intended for health care providers to accounts they control,…
Headline
FBI charges Iranian hackers, recommends action to prevent further attacks
The FBI yesterday charged three Iranian nationals with allegedly orchestrating a scheme to hack into the computer networks of multiple U.S. victims,…