PrismHR, a leading Massachusetts-based provider of human resources and payroll services, suffered a cyber attack last week which forced it to shut down its flagship software that serves thousands of organisations worldwide.
The company’s flagship HRO software PrismHR, which allows thousands of professional employer organizations (PEOs) to manage payroll, benefits, compliance, HR, and tax forms, had to be temporarily shut down following a cyber security incident that disrupted payroll processing operations for over a week.
The security incident took place last Sunday and resulted in PrismHR’s business customers losing access to PrismHR’s customer portals. “We’re working on getting the system back online. The system you are attempting to access is currently unavailable. We’re sorry for the inconvenience and appreciate your continued patience as we work to restore the system to operation as quickly as possible,” reads a statement put up on the company’s customer portal.
PrismHR has notified its clients about the outage and has pledged to waive administrative fees for the current payroll period. While the company has not publicly admitted to suffering a breach, it informed client companies and employees that it suffered “suspicious activity” last weekend and had to shut down its servers and network immediately to protect the integrity of its systems.
While investigations into the security incident are still underway, security experts believe the company may have suffered a ransomware attack, as its actions are straight out of the textbook recommendations for responding to a ransomware outbreak. The attack took place over the weekend, when employees were not present and the systems were not being used. Security experts also said that PrismHR is in the process of rebuilding its entire system from data backups in a new environment.
“We recently experienced a cyber incident that affected our payroll and benefits software used by Professional Employer Organizations (PEOs) throughout the US. We immediately disabled access to the system to protect customer information and engaged top-tier security experts to help on this. We are working quickly to restore customer access to our platform. While we are still looking into this, there is currently no evidence of unauthorized access or theft of data contained on our servers,” the company told Bleeping Computer.
Commenting on the security incident affecting PrismHR’s systems, Lewis Jones, Threat Intelligence Analyst at Talion, told TEISS that companies such as PrismHR hold a vast amount of sensitive data so it’s no surprise they are targeted by ransomware operators.
“The disruption to payroll services will have a massive impact on clients and its workers which will no doubt cause a lack of future confidence in PrismHR. Ransomware renders any files it touches unreadable unless, and until, a victim pays for a digital key needed to unlock the encryption on them.
“Whilst PrismHR have stated that findings from the initial investigation have found that no sensitive data was leaked, given the volume and sensitive nature of the data PrismHR manages on behalf of their clients, it’s no doubt those clients and their customers will be concerned. As seen with other ransomware attacks, whilst the ransom can be paid, businesses have no guarantee that the data will be deleted and won’t be published in the future,” he added.
“Due to the nature of this organisation, PrismHR makes for an extremely valuable target to an adversary looking to extract sensitive information across a large number of companies in one singular attack,” says Natalie Page, Threat Intelligence Analyst at Talion. “The successful exfiltration of this information has the potential to provide a huge return to an attacker looking to financially gain via the sale of this data.
“While information regarding this attack is quite vague, it is extremely concerning that the infiltration has the potential to impact up to 200 small to medium-sized businesses. Unfortunately, organisations of this size are often less prepared for an incident like this one, with budgeting usually less prioritized for a potential cyber-attack,” she adds.