COLUMBUS, Ohio (WCMH) — One of central Ohio’s biggest employers is working to fix the problems caused by a ransomware attack that crippled its payroll software. Some hourly workers say the issue has left them short-changed on their paychecks.
OhioHealth is one of about 27,000 employers that rely on the Ultimate Kronos Group for its human resources systems. Kronos announced last month that it had been hit by a ransomware attack, leaving its clients to find alternative solutions to pay workers.
OhioHealth managed to get paychecks out, but as one employee showed NBC4, her unique circumstance highlights a major issue in her employee’s backup plan.
The OhioHealth employee didn’t want to be identified out of concern that it would impact her job.
“I just thought it needed to be out there. People really needed to understand the impact of this,” she said.
After Kronos announced in mid-December that its human resources software had been targeted in a ransomware attack, the thousands of employers that use the software came up with different ways to make sure workers wouldn’t miss a paycheck. The OhioHealth employee explained that hourly workers received the average of the last three pay periods prior to the attack.
But in her case – there was a problem: she was on leave under the Family Medical Leave Act during those pay periods, during which she received 70 percent of her usual pay. Now back from leave, the worker says she’s still getting 70 percent despite working full-time.
The employee said she spoke to human resources about her issue.
“They said that I needed to talk to my manager, and they needed to submit a payroll correction,” she explained. “Well, you’re not allowed to submit payroll corrections at this time.”
She said OhioHealth was unable to provide a time frame for when the discrepancy would be corrected.
“We are fortunate to be able to pay associates timely based on their employment status or estimates, and we are processing corrections to reflect actual hours as soon as they are available. We are committed to ensuring associates receive pay for the hours they have worked in supporting our patients and their families. To our knowledge, the information we have in our Kronos-hosted application does not include sensitive personally identifiable information,” said an initial statement from OhioHealth regarding the ransomware attack.
The employee said a timely solution is critical.
“For the little guys that are clocking in and out every day, this is detrimental. I mean, I don’t know what to do,” she said. “Do I starve for two weeks or do I pay my mortgage?”
Kronos announced Sunday that it’s reaching out to clients this week, at which point, the company will have a better idea of when its systems will be back up and running.
In response to additional questions from NBC4 regarding a timeline, an OhioHealth spokesman replied, “OhioHealth’s biggest priority is to make sure our associates are paid on time. We have had an open line of communication with Kronos throughout this disruption and have been assured that healthcare clients, like OhioHealth, are at the top of the priority list. Though we don’t have a timetable for when the system will be back up and running, we are working on a temporary time-keeping solution that will help us capture actual hours worked, to help pay our associates accurately, allowing us to transition from paying associates an estimated average, while Kronos remains unavailable.”