Cyberattacks' impact lingers at Hawaii businesses

Peter Boylan, The Honolulu Star-Advertiser
·4 min read

Jan. 20—A month after cybercriminals shut down a third-party, cloud-based timekeeping system used by employees of The Queen's Health Systems, the Honolulu Board of Water Supply, city Emergency Medical Services workers and thousands of businesses and organizations nationwide, some supervisors continue to use manual record-keeping to track work hours and leave time.

In addition to the added work, the loss of Kronos platforms, sold by a company out of the United Kingdom, is forcing users to reconcile overtime and other payment discrepancies caused by the outage.

Kronos suffered a ransomware attack Dec. 11 that continues to impact users around the world. The loss of the timekeeping and leave accounting platform affects millions of U.S. workers, including 20, 000 New York City transit employees, the Whole Foods chain of high-end grocery stores and health care systems, according to National Public Radio.

Whole Foods did not reply to the Honolulu Star ­-Advertiser's requests for comment about the impact on its Hawaii workforce and operations.

The Queen's Health Systems told the Star-Advertiser its platform serving nearly 8, 000 employees has been restored but it is still working through issues and needs to complete reconciliation for the pay periods when Kronos was down.

"During the five-week outage, Queen's utilized an interim timekeeping application, which enabled us to continue paying our employees on time, " said Minna Sugimoto, corporate communications manager for The Queen's Health Systems.

Queen's is working to determine what, if any, money is owed to employees in connection with the outage.

The Board of Water Supply ensured that base pay for the 600 employees impacted by the Kronos outage was not affected but will have to go back to Nov. 28 to calculate premium pay accrued by workers, according to a spokesperson.

"While Kronos' systems were offline, the BWS implemented a manual process for tracking employee time to ensure the employees were properly compensated once the Kronos system was restored, " said Tracy Burgo, information specialist with the Board of Water Supply. "Our IT team worked tirelessly with the Kronos Recovery Team to successfully restore the Kronos system. Testing has been recently completed and the system has been deemed stable. We anticipate utilizing Kronos to generate the employee paychecks for the next pay period to include both the base pay and premium pay accrued since 11 /28 /2021."

About 275 city EMS workers lost use of Kronos on Dec. 11 but city officials think it will be back online in the coming weeks.

"We immediately went to our backup plan which was eform time cards and paper schedules which were up to date, " said EMS District Chief Eddie Fujioka, in a statement to the Star-Advertiser. "There was no charge for the recovery to HESD (Honolulu Emergency Services Department ). Since we switched to eform time cards and paper schedules there was no loss of salary, or missed pay checks."

In a separate incident, a ransomware assault on Oahu Transit Services on Dec. 9 that sidelined online services for TheBus, TheHandi-Van, TheBus app and its HOLO card system remains the subject of a criminal investigation by the FBI, Honolulu police and the U.S. Secret Service.

The FBI's Honolulu division acknowledged the ongoing probe and declined comment. Federal agents have not briefed the city or OTS since the start of the investigation.

City information technology officials speculate the attack was the work of hackers affiliated with Russia but acknowledge the investigation into the incident by the FBI, Honolulu police and U.S. Secret Service is ongoing. A warning not to interfere while the hackers explored OTS' systems was allegedly connected to a Russian email address.

TheBus Pass Office reopened on Dec. 29 and is resuming normal operations, according to OTS.

On Dec. 20, OTS brought back online the website for TheBus and TheHandi-Van, restoring real-time vehicle location for passengers tracking their rides, while work continues to restore email servers.

OTS employees can share internal emails and will have full use of their account on Monday. There is no evidence so far that any data was taken ; the city did not receive a ransom demand.

The outage cost OTS about $64, 000 in overtime payments to employees during a short period following the Dec. 9 attack, according to OTS.

"OTS implemented policies and procedures to strengthen internet and Wi-Fi security and is working with Microsoft to strengthen defenses against future potential attacks to the most modern standards available at this time, " said Jon Nouchi, deputy director of the city's Department of Transportation Services. "OTS continues to coordinate with federal agencies on best practices moving forward."