BUFFALO, N.Y. (WIVB) — A ransomware attack on a large human resource company’s cloud solution is impacting businesses around the world including companies here in Western New York.
Catholic Health is one of several local organizations affected.
A spokesperson for Catholic Health said they learned last weekend their time and scheduling applications were disabled due to the attack and they don’t know how long this could last.
Kronos provides cloud-based time and attendance, scheduling, and data collection to 10,000 members.
Companies including Target, Whole Foods, and Tesla as well as universities and city governments have also been affected by the ransomware attack nationwide.
Locally, Catholic Health is using a partially manual time and attendance process with other electronic tools to help. They said in a statement:
“No other catholic health business or patient applications have been affected. Limited associate information (name, associate #) is provided to Kronos. Catholic Health does not provide bank account or social security information to Kronos.”
A cybersecurity expert said attacks like these could increase after a vulnerability was recently found in a software called Log4j, affecting companies around the world.
The Kronos cloud attack hasn’t been linked to the vulnerability but Mike Stamas from GreyCastle Security said we could see the impacts from the vulnerability for years to come.
“This piece of software is used so widely across so many different applications it’s difficult for companies to be able to understand where they might be using that software, getting to it, and implementing these patches that essentially reduce the severity of the vulnerability,” Stamas said.
He said it’s important to be aware of who you’re sharing your information with.
“Obviously your doctor, your healthcare organization, your banking institution, you need to share your information with them but if you’re buying a last minute gift online and it’s with some third party retailer that you probably will never do business with again, don’t save your information with them because vulnerabilities like were talking about today put our information at risk.”
Catholic Health expects its next scheduled payroll to be processed on time, with direct deposit and paychecks going out to employees on December 23.