Ascension Health reports that it is among the many companies affected by a massive ransomware attack that targeted Ultimate Kronos Group, a human resources company whose software Ascension uses. The hack has forced Ascension to change how it pays employees across the country, including at Ascension All Saints Hospital, Racine County’s biggest hospital.
Ascension has not directly said how widespread the problems are, although it has been reported at at least one other Ascension hospital in Indiana.
Nestlé, which employs approximately 400 people in Burlington, also is a client of Kronos, but spokeswoman Dana Stambaugh said in an email Thursday afternoon “that this (hack) will have no impact on our ability to pay our employees.”
People are also reading…
Kronos is a human resources company worth billions. It reportedly “suffered a ransomware attack that may keep its systems offline for weeks,” NPR reported. “To ensure employees are paid, companies that rely on the software are working to find backup plans — including issuing paper checks, some for the first time in years.”
Ransomware is when hackers who take control of an organization’s computers and lock out the organization itself, often demanding untraceable payments (sometimes totaling in the tens of millions of dollars) to return computers to normal.
According to a statement from an Ascension Wisconsin spokesperson: “Like many companies, we have been impacted by the ransomware attack on Kronos. While Kronos is working to address system issues, we have put in place alternate systems to track time and process payroll as scheduled.” As such, the nonprofit health system expects all employees to be paid on time.
USA Today reported that “for now, Kronos recommends its clients look into alternatives for workforce management while it navigates this situation.”
Last year, after ransomware shut down the City of Racine’s computer systems. Rather than pay the virtual kidnappers, the city essentially rebuilt its systems from the ground up, a process that took months.
Hackers often will gain access to a computer system but not act for months as they search for more exploits that could give them more power or access to other organizations’ systems before they initiate a shutdown and issue demands.
A massive computer vulnerability tied to Minecraft, the all-time best-selling video game which is now owned by Microsoft, was made public last month. The security flaw is possibly the worst computer vulnerability discovered in years, leaving untold numbers of computers open to infiltration.
“The internet’s on fire right now,” Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike, told The Associated Press. “People are scrambling to patch,” he said, “and all kinds of people scrambling to exploit it.” He said earlier this month that in the 12 hours since the bug’s existence was disclosed it had been “fully weaponized,” meaning malefactors had developed and distributed tools to exploit it.