Employers are suing as paycheck delays drag on : NPR

Employers are still dealing with the administrative chaos caused by the ransomware attack on Ultimate Kronos Group last month.

The month-old ransomware attack continues to cause administrative chaos for millions of people, including 20,000 public transit workers in the New York City metro area, Cleveland public service employees, FedEx and Whole Foods employees, and medical workers across the country who were already dealing with the Omicron wave that filled hospitals and exacerbated the shortage of workers.

In the weeks after the attack on Kronos Private Cloud — a service that includes some of the country’s most popular workforce management software — employees from Montana to Florida reported paychecks short by hundreds or thousands of dollars, as employers struggled to manage schedules and track hours without the help of the Kronos program.

Although Ultimate Kronos Group, the company that makes Kronos, says it expects the systems to be back online by the end of January, affected employers say they don’t yet know for sure when they will actually be able to access their systems and information.

The extra burden won’t end once Kronos returns: Finance and human resources departments across the country are facing weeks of overtime to enter the manual records they’ve collected over a month or more into the Kronos system. In severe cases, this backlog can delay the issuance of W-2s and other tax information.

Paul Patton, chief human resources officer for the city of Cleveland, who has created a “war room” of administrative staff that works to reconcile the salaries of the city’s 8,000 employees, said.

Now that the disruption is significant, some employers are considering lawsuits or other legal challenges to their contracts with UKG.

That includes the New York City area’s Metropolitan Transportation Authority. Eugene Resnick, a spokesperson for the MTA, said the MTA “has taken the first steps toward initiating legal action.”

Hacking disrupts major employers in the public and private sectors

Thousands of employers rely on Kronos’ offline products, including some of the country’s largest private employers like FedEx, PepsiCo and Whole Foods. Public employers, such as Prince George’s County and the University of Utah, have also been affected.

About 8 million employees are affected by the outage.

In Santa Fe, New Mexico, most of the city’s 1,500-plus employees fill out spreadsheets every two weeks to keep track of their hours, rather than using cloud-based software time cards customized to the needs of each city department.

Bradley Purdy, the city’s chief information security officer, said workers across the city are affected by the Kronos outage, from libraries to police and fire departments.

“Just like everyone else, we drive them crazy, and we say, ‘What’s the latest?’,” Purdy said. “If I were in their place, I would be very careful too. They don’t want to do everything again and all of a sudden they’re doing it.”

Employers have resorted to a variety of manual workarounds to deal with the temporary loss of Kronos. Some have asked employees to submit Google Forms every two weeks; others simply asked employees to email their hours of work.

In Cleveland, Ohio, about 8,000 city employees — including police and fire departments — are affected by the Kronos outage.

Others, like the city of Cleveland, have chosen to estimate working hours for now, whether by issuing paychecks based on the employee’s scheduled hours, or by repeating paychecks from previous pay periods.

This has left some employees underpaid, especially those who worked overtime or on holidays. Federal labor law requires employers to retroactively correct their pay when they are able to.

Healthcare employers have been hit particularly hard

For healthcare employers, the timing couldn’t be worse. John Reggie, the American Hospital Association’s senior advisor for cybersecurity and risk, said a “significant number” of hospital systems and healthcare employers in the country have been affected by the Kronos outage.

One of Kronos’ offline products is specifically designed for healthcare providers to help them manage complex employee schedules in 24-hour facilities.

Reggie said the outage is an unnecessary administrative nightmare that came just as the Omicron wave hit hospitals.

“If you turn a clinical manager on to help with the manual processing of payroll and timekeeping, that obviously takes them away from their clinical administrative duties,” Reggie said. “As we always do, hospitals and health systems are getting this done and taking care of patients, but under extra pressure and burden they don’t need now.”

The attack affected hospital systems and healthcare employers of all sizes — from small, remote rural hospitals to multi-hospital urban medical systems, according to the American Heart Association.

Some struggled to pay workers accurately. Employees across the country have turned to their unions, social media or local news outlets to report inaccurate paychecks.

University of Florida Health System staff in Jacksonville told local television station News4Jax that they had not received overtime or pay for the six weeks of vacation. In Montana, more than 250 nurses at the Missoula Community Medical Center lost their salaries due to the hospital’s decision to pay employees by duplicating early December salaries, according to a letter from the Montana Nurses Association reported by Missoulian.

Affected employers have committed to correcting workers’ wages once Kronos systems are back online.

But for workers who live paycheck to paycheck, losing overtime and vacation pay is tough, even if their paychecks are eventually corrected.

If the outage continues for long, the already dire situation could become a nightmare for health care systems if workers become angry enough to leave for employers whose payroll systems are not affected.

Reggie and the American Hospital Association acknowledge that the ultimate responsibility for the disruption lies with those who launched the ransomware attacks. “But with that said, there is still a lot of disappointment in the field with Kronos, in terms of the lack of initial transparency in terms of the extent of the disruption and in terms of the initial backup procedures as well,” he added.

A lawsuit filed this week says workers at Allegheny General Hospital in Pittsburgh missed overtime and vacation pay as a result of the Kronos outage.

UKG does not say how this happened and who is responsible

UKG has been extremely tight-lipped about the details of the attack and who is responsible. (The incident appears to have nothing to do with the recently discovered Log4j vulnerability, the company says.)

“We have taken immediate action to investigate and mitigate the issue, alert our affected customers and notify the authorities, and are working with leading cybersecurity experts,” UKG said in a statement shortly after the attack was announced in mid-December.

The company has hired Mandiant, a cybersecurity firm, to conduct an investigation into the incident and West Monroe, a digital consultancy, to help restore operations.

Ransomware and other cyberattacks on private sector companies are increasingly prevalent. President Biden has made combating cybercrime a priority of his administration. The Department of Justice indicted two ransomware criminals late last year.

“Interesting target”

As central providers of mission-critical software to thousands of employers nationwide, companies like UKG are constantly at risk of cyberattacks, experts said.

Scott Kanry, CEO of the cybersecurity firm Axio, said that in the eyes of ransomware attackers seeking to maximize their leverage to get as much ransom as possible, a workforce software provider like UKG would be an “interesting target” during the holiday season.

“During the most inopportune time someone like this comes down, you have a better chance of getting someone to cut you a big check to get out of it,” he said.

Now, as UKG begins to restore its systems, it will soon face another round of consequences: legal action and lawsuits.

Some of these legal threats may come from employers, such as the MTA in New York.

Others will come from the workers. After Larry Kroeck, a cafeteria employee at Allegheny General Hospital in Pittsburgh, asked about 54 hours of pay missing from his paycheck, supervisors told him “nothing can be done and there were 2,000 Larry Kroecks with the same problem,” according to a lawsuit filed by Kroeck this week, which names both UKG and the hospital as defendants.

Hacking could potentially put personal information at risk

A class action lawsuit filed last week in the Southern District of Florida alleges more than $5 million in damages resulting from what it calls “UKG’s failure to properly secure and protect personally identifiable information”.

The personal information that has been compromised depends on how individual employers use different UKG services. Many employers have warned their workers that some information could potentially be in the hands of attackers, including names, contact information, and basic employment information.

For some, the breach can be more serious: The City of Cleveland, for example, has warned its employees that the last four digits of their Social Security numbers have been hacked.

A UKG spokesperson declined to comment on the lawsuits. “Our investigation is still ongoing and we are working diligently with cybersecurity experts to determine if and to what extent sensitive customer or employee data has been compromised,” UKG wrote in a public update on December 28.

Perhaps more simply, the breach could cause UKG to lose its customers to its competitors. “Ransomware, more than it costs anything else, only harms your reputation,” said Purdy, the Santa Fe information security officer.

Workforce management software is traditionally “sticky”, a term in the software industry that means it can be difficult for customers to switch to a competitor. But experts said the length and severity of the disruption will make employers take a second look, even if they ultimately choose to stay with Kronos.

“I’m sure everyone will look at their contract closely,” Purdy said. “And when those contracts are renewed, they will make sure that there is a lot of language about what to do in this kind of scenario.”
