MaineHealth and Hannaford, two of Maine’s largest employers, have been affected by a ransomware attack on Kronos, a Massachusetts-based human resources firm that helps companies around the world manage their payrolls and track employee time and attendance.

Kronos said the ransomware attack, which occurred late Saturday night, may keep its systems offline for weeks. The company was unable to offer a definite time frame for restoring services and admits the delay has the potential to impact the issuance of employee paychecks and how companies keep track of when employees clock in and out of their shifts.

Kronos’ software is used widely in the United States by municipal governments, university systems and large corporations.

“(Kronos) recently became aware of a ransomware incident that has disrupted the Kronos Private Cloud, which houses solutions used by a limited number of our customers,” a company spokesman said in a statement issued Thursday night to the Portland Press Herald. “We took immediate action to investigate and mitigate the issue, have alerted our affected customers and informed the authorities, and are working with leading cybersecurity experts. We recognize the seriousness of the issue and have mobilized all available resources to support our customers and are working diligently to restore the affected services.”

Kronos is recommending that its customers use backup plans such issuing paper paychecks and having employees manually track their shift start and end times. Kronos did not respond to a request asking how many Maine companies were impacted by the attack.

MaineHealth issued a statement Thursday letting its employees know that they will be paid on time following the attack. MaineHealth uses Kronos software to track the hours of its 22,000 employees in 11 counties in Maine and Carroll County, New Hampshire. Two MaineHealth organizations, MaineHealth Care at Home and NorDx Laboratories were not affected by the attack. In its statement, MaineHealth said the Kronos system was used only to log employee hours and was separate from the health care network’s payroll system.


“As such, there is no risk that employee Social Security numbers or bank routing information has been exposed as a result of the ransomware attack,” MaineHealth said. “The ransomware event targeted Kronos’ internet-based services, and no systems or data at MaineHealth have been compromised. MaineHealth has been working around the clock to assure that paychecks will be issued as scheduled tomorrow, Friday, Dec. 17, and has put in place new procedures for tracking employee hours in the coming weeks.”

MaineHealth said it will have to manually record some changes in hours worked in the final week of the most recent pay period and reconcile those changes in subsequent paychecks. MaineHealth said the ransomware attacks came at an inopportune time, especially as its hospitals contend with treating a surge in COVID patients.

“Though this ransomware attack affects employers worldwide, it is especially unfortunate that our care team members have to deal with this at a time when the pandemic is at its peak in Maine,” Al Swallow, chief financial officer of MaineHealth, said in a statement. “We are doing all we can to mitigate the impact of this on our team and help them to continue their heroic work caring for our patients.”

Meanwhile, Ericka Dodge, the spokesperson for Hannaford in Maine, acknowledged that the supermarket chain had been impacted by the ransomware attack. Dodge said Hannaford uses Kronos to operate its timekeeping system, not its payroll system. Hannaford employs about 10,000 associates in Maine.

“Hannaford is among the many companies worldwide that have been impacted by the Kronos outage, and we have taken steps to ensure associates are paid promptly and appropriately,” Hannaford said in a statement. “Our stores are tracking hours worked manually during the outage and have implemented other process changes. We remain in contact with Kronos to learn more about the outage and its likely duration.”

Dodge said the Kronos outage occurred on the last day of Hannaford’s payroll week, preventing hours for the week from feeding into Hannaford’s payroll system. As a result, Hannaford issued paychecks based on the prior work week and made immediate cash advances available for any individual who worked more hours.


“Any errors in an individual’s paycheck are being and will continue to be quickly corrected,” Dodge said. “Associates are paid for their hours worked.”

NPR/Maine Public reported that the hack affected dozens of employers across the country including New York’s Metropolitan Transportation Authority, the city of Cleveland, the Oregon Department of Transportation and a number of universities, including the University of Utah and George Washington University.

In a list of steps that it is taking to rectify the hack – published on its private cloud status update – Kronos makes no mention of whether the attackers demanded money.

“We recognize the seriousness of this issue and are committed to supporting our customers as we work to a resolution,” UKG said.

Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.