COLUMBUS, Ohio (WCMH) — OhioHealth said it will pay workers their wages impacted by a widespread ransomware attack by the end of January, or sooner.

As COVID-19 cases and related staff shortages bog down hospitals, some staff at OhioHealth said they’re not getting paid what they’re owed.

The Ultimate Kronos Group is a timekeeping company used by thousands of employers. Kronos was targeted by a ransomware attack in mid-December, leaving its clients scrambling to make sure workers didn’t miss a paycheck.

OhioHealth workers were paid on time, but multiple hourly employees told NBC4 Investigates their recent paychecks have fallen short of what they earned.

“We are consistently asked to pick up extra (shifts) to help out,” said one emergency room nurse employed by OhioHealth, who asked to remain anonymous. “We’re just short-staffed with the pandemic.”

The most recent paycheck for OhioHealth employees came Dec. 31. The ER nurse said she was expecting roughly $1,400 because of the extra shifts she’d been working.

“My gross pay on Friday was $600, so I got $427 after tax into my bank account,” she said, showing a copy of her recent pay statements.

To pay hourly workers on time after a ransomware attack crippled its timekeeping company, OhioHealth calculated paychecks using the average of the previous three pay periods before the attack.

As multiple hourly workers pointed out, those November pay periods contained fewer shifts because COVID-19 cases hadn’t yet surged. Holiday pay was not included, either.

A second nurse, who said her most recent paycheck was between $300 and $400 short, called it “a cherry on top” of a difficult year for hospital workers.

“After everything we’ve been through, just to kind of like add this on top of it has been a little tough,” the first nurse said. “It almost feels like you’re, like, working for free, essentially, not knowing when you’re going to get paid. But we love our community, and we’re trying to fight this pandemic, so, we do it.”

According to four workers who reached out to NBC4 Investigates, employees were told to contact their managers about payroll corrections. An internal email from OhioHealth dated Dec. 16 said the payroll department at that time had received roughly 6,000 payroll corrections from employees.

“Our manager kind of just says, ‘Oh, I don’t know,'” the ER nurse said. “So, we’re kind of just all stuck in this limbo of, eventually we’ll get paid. But we don’t know when that is and what that looks like.”

On Tuesday, employees received another email from OhioHealth informing them of a new timekeeping system in place. The email provided deadlines on how to submit hours worked in December that were impacted by the ransomware attack and informed them that January’s paychecks would include the money they were owed for those hours.

But for employees that had bills due in early January, “There’s bills to pay. I don’t know what I’m going to do,” the nurse said.

A spokesman for OhioHealth said hardship circumstances should be brought to managers immediately and will be prioritized by the company.

The spokesperson sent the following statement to NBC4:

“OhioHealth, along with the 27,000 other businesses nationwide, has been disrupted by the Kronos ransomware attack which impacted our timekeeping system.

This issue has impacted nearly 21,000 of our associates. We continue to work hard to ensure they all are paid appropriately for hours they have worked.

Our Human Resources and Payroll teams are working every hour of every day with associates on this. We have put in place a couple of routes for reconciling pay for associates who have been underpaid. We ask that they connect with their managers because these situations are given prioritization and, in most cases, we have been able to resolve them within two business days.

As we wait for the Kronos system to come back online, yesterday we launched a new, temporary timekeeping tool. This tool allows associates to submit details of actual hours worked instead of an estimated average.”

OhioHealth statement on payroll discripencies

On its website Tuesday evening, Kronos wrote that it is making progress in recovering the data that was encrypted in the ransomware attack. The company said liaisons will update affected customers by Jan. 7 on when their data will be recovered.