To state the obvious: the Kronos situation is horrible for some SHARE members. It couldn’t have happened at a worse time – many SHARE members are picking up tons of overtime, there are incentive bonuses, and complicated holiday pay situations. SHARE members are stressed out and over-worked by the pandemic and staffing shortages. And it happened over Christmas, a time when many SHARE members need that extra cash in their paychecks.
You Will Get Paid What You Are Owed
It’s the law: UMass Memorial must pay you the correct amount as soon as they are able to. In SHARE’s discussions with the hospital, it’s clear that UMass Memorial is committed to getting it right. The Massachusetts Attorney General’s office is paying close attention. And SHARE will help members make sure the corrections are made to their pay.
Our best advice to you: Keep track of your hours for yourself, in addition to documenting your hours for the hospital, so you can check to make sure it’s correct later.
What’s Going on with Corrections?
Staff have reported over 11,000 paycheck errors. Payroll is triaging them, focusing first on staff who are missing full paychecks, and those who make the least money. Payroll has added staff to help with this job. The experienced staff who best know the payroll rules (differentials, etc.) and the Infinium system (the hospital’s payroll software) are focused on fixing the triaged priority situations.
However, they aren’t able to keep up, and not all the 11,000 reports of errors haven’t gone through triage yet.
What You Can Do If You Face Extreme Hardship
Your pay is going to be fixed. If you can live without the money owed to you for now, we recommend to sit tight and wait, so Payroll can focus on the most urgent situations and keep their process moving forward.
In case of emergency, there’s the hospital’s EASE fund, which is designed to help employees in need, as well as Hardship Help services offered to all union members through the Union Plus program
Some SHARE members are deeply affected by the Kronos situation, especially with everything else going on right now. Thanks to everyone for being patient. Your kindness goes a long way.
You Can Pay It Back Gradually, If You Owe
If the hospital overpays you, you will have to pay it back. However, the hospital has agreed with SHARE that SHARE members should be able to pay it back gradually if they need to. The hospital says its first priority will be to pay staff any money they are owed.
When Will This Be Fixed?
The hospital has told SHARE that employees will continue to get the same amount (based on the November 28 week check) until Kronos is up and running again. If this goes as the hospital expects, the first paycheck based on your actual hours would be the beginning of February.
First you will get an accurate paycheck based on your hours. Then the hospital will work on using your time records (punching, paper and through the app) to correct the December and January checks. Fixing every mistake will take weeks, if not a couple of months.
All Paid-Time-Off banks (earned time, etc.) may currently be wrong, so you should ignore any numbers that you see on your paychecks. The hospital has raised the caps to allow extra time to be accrued while this is broken. Keep your own records of your time off, just to be safe.
What Do We Know about What Happened?
UMass Memorial says that Kronos (and the cyber pirates) only had access to very limited personal information: employee names, the hours they worked, and maybe the age of the employees. Sensitive employee information, such as social security numbers, is kept in Infinium, UMass Memorial’s local payroll system.
The Kronos attack was one of the largest international data breaches of the last year. Although the Kronos attack affected over 2000 clients worldwide (including the Target chain of stores, Tufts Medical Center, and the MBTA), we’re told that UMass Memorial was in many ways at the “tip of the spear” in having to figure out how to get employees paid fast. The hospital is one of few organizations that pays on a weekly basis -- the hospital had 48 hours to figure out how to get people paid after the system went down, while many employers like Tufts Medical pay every 2 weeks, or even monthly. The hospital says that other employers hit by this did the same thing UMass Memorial did – continue to pay employees based on a past paycheck.
Epic, our hospital’s other huge IT system, is completely separate from Kronos. (Epic appears also not to be susceptible to the Log4j attacks that have been in the news lately. Unlike Kronos, Epic does not have cloud-based databases.)
When SHARE asked why there was no back-up system for a situation like this, one senior leader compared the Kronos outage to Hurricane Katrina: a worst-case perfect-storm scenario beyond anyone’s contingency plans.
It may not be accidental that the cyber attackers hit in December. It’s the worst time for employees, and for businesses who have to do end-of-year tax work, so the hackers could demand a higher ransom.
Kronos has now paid the ransom to the cyber attackers. The company is in the long process of unlocking, inspecting, and testing its systems before those can go live again. After that, the hospital will then begin its own inspection and test processes with Kronos. Then, finally, UMass Memorial will be able to issue correct paychecks again.