Kronos, an HR management solutions provider, has reported the discovery of a ransomware attack. The incident disrupted several services that hospitals and other health systems use to manage their workforce and payroll operations.
Keep reading to learn more about the attack and the best protective measures to keep your organization’s data secure.
SEE ALSO: HIPAA compliant email
Kronos first became aware of suspicious activity within its systems on December 11 and took immediate steps to look into and mitigate the issue. The investigation found that Kronos Private Cloud, a portion of the business that includes its Workforce Central, TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions, was affected by a ransomware attack.
The company reports that these cloud solutions are currently inaccessible and “it may take up to several weeks to restore system availability.”
How is Kronos responding to the attack?
According to the alert, the investigation remains ongoing while Kronos continues to determine the full scope of the attack. The company has notified the authorities and is “working with leading cybersecurity experts to assess and resolve the situation.”
As the impacted services have been taken offline, Kronos strongly urges customers to implement alternative business continuity plans and notes that its community and customer support teams are available to provide additional support in this area.
Ways to minimize your risk
John Riggi, senior advisor for cybersecurity and risk at the American Hospital Association (AHA), states that the Kronos incident further highlights the importance of robust third-party risk management programs.
“If mission-critical third-party services are made unavailable due to a cyberattack, it may result in disruptions to hospital operations,” he explains. “As such, we urge all third-party providers that serve the healthcare community to examine their cyber readiness, response and resiliency capabilities.”
The Cloud Security Alliance (CSA) also recently released guidance on preventing the growing threat of ransomware in the healthcare cloud, emphasizing that cloud storage doesn’t offer guaranteed protection from cyberattacks. CSA’s recommended safeguards include installing endpoint protection, filtering incoming and outgoing emails to identify threats, and deploying network segmentation.
Stay proactive with Paubox
As cybercriminals continue to evolve their approaches, solid safety practices aren’t always enough to protect your sensitive information from ransomware and other attacks. This makes it more critical than ever for healthcare providers to stay proactive with stronger email security.
Built to conveniently integrate with your current email platform such as Google Workspace or Microsoft 365, Paubox Email Suite enables you to send HIPAA compliant email by default. This means you don’t have to spend time deciding which emails to encrypt and your patients are able to receive your messages directly in their inbox without having to navigate any additional passwords or portals.
Paubox Email Suite’s Plus and Premium plan levels also include advanced inbound email security tools for further protection from potential threats. Our patent-pending Zero Trust Email feature uses email AI to verify that an email is legitimate, while patented ExecProtect works quickly to intercept display name spoofing attempts.