Healthcare management software provider Kronos has notified clients, including those in healthcare, that a Dec. 11 cyberattack knocked down several platforms.
Kronos has advised clients that a ransomware attack has disabled several of its cloud-based platforms, including its UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling solutions.
In a Dec. 13 blog, officials at the Massachusetts-based provider of workforce and healthcare management software said the attack was first noticed on Dec. 11.
“As we previously communicated, late on Saturday, December 11, 2021, we became aware of unusual activity impacting UKG solutions using Kronos Private Cloud,” the blog reads. “We took immediate action to investigate and mitigate the issue, and have determined that this is a ransomware incident affecting the Kronos Private Cloud—the portion of our business where UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed. At this time, we are not aware of an impact to UKG Pro, UKG Ready, UKG Dimensions, or any other UKG products or solutions, which are housed in separate environments and not in the Kronos Private Cloud.”
“While we are working diligently, our Kronos Private Cloud solutions are currently unavailable,” the notice continues. “Given that it may take up to several weeks to restore system availability, we strongly recommend that you evaluate and implement alternative business continuity protocols related to the affected UKG solutions. Support is available via our UKG Kronos Community and via our UKG Customer Support Team to provide input on your business continuity plans.”
Kronos has many clients in the healthcare sector, as noted by the American Hospital Association.
“A lack of the availability of those services could be quite disruptive for healthcare providers, many of whom are experiencing surges of COVID-19 and flu patients,” John Riggi, senior advisor for cybersecurity and risk, said in an AHA press release. “We have received several reports from the field indicating that some hospitals and health systems have been impacted by this ransomware attack against Kronos.”
“This attack once again highlights the need for robust third-party risk management programs that identify mission-critical dependencies and downtime preparedness,” he added. “If mission-critical third-party services are made unavailable due to a cyberattack, it may result in disruptions to hospital operations. As such, we urge all third-party providers that serve the healthcare community to examine their cyber readiness, response and resiliency capabilities.”
Eric Wicklund is the associate content manager and senior editor for Innovation at HealthLeaders.