Cyberattack Against Kronos Disrupts UAMS Timekeeping System

Cyberattack Against Kronos Disrupts UAMS Timekeeping System
UAMS Medical Center in Little Rock. A cyberattack has knocked its timekeeping and scheduling system offline. (UAMS)

The University of Arkansas for Medical Sciences was one of what is likely several organizations in Arkansas that, while not primary targets of a mid-December ransomware attack, are reeling from it nonetheless.

The target of the attack was Kronos, a leading human resources and payroll software provider headquartered in Lowell, Massachusetts. Kronos is the main timekeeping and scheduling tool UAMS uses, CFO Amanda George told Arkansas Business late Monday.

She said the attack shut off all access to Kronos systems and that access has yet to be restored. So the hospital has shifted to manual processes.

“We're supposed to find out this week what their estimated time to resolve for us is, specifically,” George said. “[Kronos] put out an email that said that they'll be reaching out to individual organizations to let them know what their restoration plan looks like. So we should be hearing this week. Hopefully, we will be back online relatively quickly. We're hoping in the next couple of weeks.”

Kronos said on its website that it noticed the evening of Dec. 11 that some of its servers had become encrypted and others were in the process of being encrypted. The company initiated an emergency procedure and shut down more than 18,000 physical and virtual servers. It notified clients in the early morning hours of Dec. 13 that there had been a ransomware attack.

Since then, UAMS' payroll and information technology departments have been working “day and night” and all employees have been paid on time, George said.

UAMS is the state's largest public employer, with more than 10,000 workers in 73 of the state's 75 counties, according to its website. 

While employees have noticed the switch to manual processes, they’ve been understanding, and UAMS has endeavored to communicate frequently with them about this fluid situation, George added. She also said UAMS is not considering switching providers because Kronos has been a good partner for years and has provided periodic updates to the hospital.

Krono said on its website, "We recognize the seriousness of the issue and have mobilized all available resources to support our impacted customers."

While UAMS, obviously, couldn’t have done anything to prevent the attack on Kronos, George advises other companies that may find themselves in a similar situation to be prepared.

“I think it's really important that all businesses have their downtime procedures/disaster recovery procedures documented, and everyone knows what needs to happen when something like this happens,” she said.

More On This Story