Case Study: Security Matters Protecting the Backend

The Impact of the Kronos Outage on UMass Memorial Health's Payroll Operations

In December 2021, UMass Memorial Health, a major healthcare provider in Massachusetts, faced a significant disruption in its payroll operations due to a ransomware attack on UKG's Kronos Private Cloud. This outage affected over 16,000 employees and lasted for more than a month, highlighting the vulnerabilities in relying solely on third-party timekeeping systems.

Timework Overview 

Timeline of Events

  • December 11, 2021: UKG informed clients of a ransomware incident affecting the Kronos Private Cloud.
  • December 12, 2021: UMass Memorial Health became aware of the outage and began assessing its impact on payroll operations.
  • December 16, 2021: With no access to current timekeeping data, UMass processed payroll by duplicating the previous period's data, making adjustments for known changes such as new hires or departures.
  • January 4, 2022: The SHARE union, representing some UMass employees, reported over 11,000 paycheck errors and advised members to manually track their hours.
  • January 27, 2022: UMass resumed using Kronos for timekeeping, though discrepancies in payroll data persisted.
  • February 3, 2022: UMass processed its first accurate payroll since the outage began.

 

Quantitative Impact

  • Employee Count: Over 16,000 employees were affected by the payroll disruptions.
  • Duration: The outage spanned approximately 54 days, from December 11, 2021, to February 3, 2022.
  • Payroll Errors: More than 11,000 paycheck errors were reported by employees during this period.
  • Settlement: In response to the disruptions, UMass Memorial Health agreed to a $1.2 million settlement to address back pay claims, with affected employees receiving an average of nearly $375 each.

 

Challenges and Responses

The outage revealed several challenges in UMass's payroll system:

  • Complex Payroll Structures: UMass's payroll included various components such as shift differentials, overtime, and bonuses, making manual adjustments difficult.
  • Manual Timekeeping: Employees resorted to manually recording their hours, leading to inconsistencies and errors.
  • Communication Gaps: Initially, there was a lack of awareness about the outage's broader impact, leading to employee dissatisfaction.

In response, UMass implemented several measures:

  • Interdepartmental Collaboration: Finance, IT, and HR departments worked together to address the crisis.
  • System Upgrades: Plans were made to upgrade the ERP system to include a backup timekeeping feature, reducing reliance on third-party systems.

 

Timework Conclusion

The Kronos outage at UMass Memorial Health underscores the critical need for robust contingency plans and diversified systems in payroll operations. Security in general, and application platform security in particular, are often overlooked. The incident not only disrupted employee compensation but also highlighted the importance of transparent communication and interdepartmental cooperation in crisis management. Workforce Management systems are just as vulnerable as the rest of the technology stack. How are you tracking security in your solution?

Full Article Discussed:

(https://www.hrdive.com/news/the-kronos-outage-disrupted-UMass-Memorial-Health-health-payroll-for-more-than-a-month/620652/)
