Kronos software, owned by Ultimate Kronos Group (UKG), helps with workforce management by providing tools for scheduling, attendance, absenteeism reporting, payroll, leave assignment, employer records, employee timekeeping, etc. Its scalability and mobility made it easier for organizations to manage their workers.
It lets users automate workflows through mobile apps for both Android and iOS that provide a self-service option. Most per-unit pricing is kept private; you have to contact the company to get a quote. The company provides regular updates to introduce new features and improve security to avoid scenarios like the Kronos outage. The Kronos software boasts over 2,200 clients, including Tesla, Honda, GameStop, hospitals, MTA, Whole Foods, etc.
The Kronos outage occurred in December 2021, when cybercriminals carried out a ransomware attack on the software that affected the private cloud systems, the attendance system, and payroll. It took one week for companies to resume using it, and for some up to one month.
The team released a statement letting customers know of the attack and its effects on the Private Cloud. The Private Cloud consists of healthcare, banking, telecommunication services, and human resource management solutions. The message also alerted customers that the company was unsure whether other solutions like UKG Dimensions, Ready, and UKG products were affected, as they run in different environments.
The vice president also added that they consulted with cybersecurity experts to figure out what happened and have a better scope of the attack. It took a while to restore it to normalcy.
The parent company of the software gave few details about the attack. They did not mention whether they lost any data. They stated that they didn't lose sensitive data like dates of birth, social security details, and bank account details; instead, other details such as email addresses were lost.
Some of the people who lost a lot of data included nationals of Brazil, India, Hong Kong, New Zealand, Belgium, etc. Organizations from Cleveland reported that they lost the last four digits of their Social Security numbers.
Many cybersecurity experts, like Mac McMillan, reported that the attack could be related to the Log4j vulnerability, found in a widely used Java logging library, but the company denied the reports.
Kronos also reported a strong backup system with secure transmissions that could hold data for 28 days. The backups are stored in different environments and use a different architecture from the production environments. The hackers tried to block all communication between the backup servers and the production environment, which made restoration of services take longer.
The organization appointed Mandiant, a cybersecurity firm, to report on the incident and monitor the situation going forward so that such scenarios are avoided, and West Monroe to help bring everything back to normal.
Healthcare was one of the fields hit hard by the attack. Hospitals use Kronos software in their systems, and the outage disrupted the smooth running of their activities. One of the products attacked in the Kronos outage was meant for healthcare administration. The outage made management duties very hard, especially processing payments and reporting the attendance and timekeeping of healthcare workers.
It affected all hospitals, i.e., rural hospitals, small clinics, multi-urban hospitals, and big hospitals. Hospitals paid workers inaccurately, with missing allowances and deductions, prompting workers to go to court, protest on social media, and visit their respective unions.
UMass Memorial Health described this incident as a lesson for their plans. Luckily enough, they reacted quickly during the attack by improvising a payroll that could pay their workers without using hours worked. It made it easier for workers to key in important details, and HR made any adjustment needed faster.
Other hospitals that lost data include Monument Health, Baptist Health, Ascension St. Vincent, and Ohio Health.
Cybercrime is rising, and organizations, both software providers and users, should have a formidable backup solution. It avoids scenarios where you lose all the data and have no way to recover it. Organizations should also have alternative solutions in case of such a scenario; for example, hospitals can set up alternative payrolls that don't rely on the Kronos software.
Hackers target organizations with a lot of data. For instance, the payroll software serves more than one million users, and the chance to harvest that much data can be one of the motivations for the attack.
The Kronos outage was a lesson to other enterprises and organizations that don't invest in cybersecurity teams to help them avoid such risks. It's the role of both the vendor and the user to keep their data secure.
If you don't take security with the seriousness it deserves, you lose many clients. After the attack, some organizations had to cancel their contracts and look for alternatives, which was a significant loss.