Cyberattack led to payroll problems at Cheyenne hospital

Posted 3/29/22

CHEYENNE (WNE) — More than 2,000 employees were affected when the software that Cheyenne Regional Medical Center and its overall health system uses for timekeeping and processing payroll was …

This item is available in full to subscribers.

Please log in to continue

E-mail
Password
Log in

Cyberattack led to payroll problems at Cheyenne hospital

Posted

CHEYENNE (WNE) — More than 2,000 employees were affected when the software that Cheyenne Regional Medical Center and its overall health system uses for timekeeping and processing payroll was targeted by a larger scale phishing ransomware attack. 

This incident caused about 55% of CRMC employees to be overpaid and to have to later reimburse their employer for money they were incorrectly paid that was not really owed to the staffers. Others, about 45%, were underpaid, and the hospital was making good on their full paychecks.

Some of the systems that CRMC uses for human resources and related issues were down for several months, as the software vendor worked to fully fix all of its systems. 

Software company Kronos’ workforce management system, Kronos Private Cloud, went down on Dec. 11. This KPC outage affected 15,000 employers in the U.S. and worldwide, according to a written statement from Cheyenne Regional’s Joanna Vilos, its chief human resources officer. 

While Kronos was down, Vilos said, the health system’s payroll department manually processed paychecks for its employees over five pay cycles. Kronos again became fully functional in early March, the statement said. 

When Cheyenne Regional could access the payroll system, it “immediately began reconciling all employees’ paychecks,” Vilos said. 

No personal employee information was compromised in the attack, she said, thanks to CRMC’s “robust set of policies and practices against cyberattacks.”

Comments