In May 2021, Zellis’ managed payroll service enabled its partner the Irish Health Service Executive (HSE) to continue processing payroll for thousands of health workers accurately and on time while coping with the impact of a severe ransomware attack.
Ransomware attacks have become increasingly common in the past few decades, resulting in some extremely high-profile attacks on major government, health and public sector bodies, where disruption can impact hundreds of thousands of people.
One of the most recent of these was a cyberattack by Russian criminal gang Wizard Spider on Ireland’s Health Service Executive (HSE), which occurred overnight on Thursday 13 May 2021. Reacting quickly to the attack, the organisation’s entire ICT infrastructure was taken offline or put into quarantine. When the payroll team came to work on Friday morning – they faced an incredible challenge.
The impact across the HSE’s entire service was massive. Appointments for treatment needed to be rescheduled, covid testing and vaccination programs had been disrupted, and some hospitals had to resort to paper-based recordkeeping. While key IT was offline and being investigated, HR, payroll and email systems were inaccessible from the executive’s internal network.
This made critical data entry impossible for a looming payroll deadline – 22,197 employees were due to be paid on Thursday, 20 May.
In other words, the HSE payroll team, and their service partners at Zellis, had just two working days to capture accurate pay data, process payroll, generate outputs and sign them off, in order to send them to the bank on Wednesday 19 May.
The advantage of a managed service-based solution
There was, however, some good news. The HSE had partnered with Zellis to provide a managed service, which was underpinned by a cloud-based payroll solution hosted at a third-party data centre. This meant that several key payroll systems, and professionals, were isolated from the impacted systems – and offered a route to making sure people got paid.
As Brid Harte, one of HSE’s national payroll managers, says: “We were thankful that we had a managed service. It meant Zellis could get everything up and running as soon as we got our first ‘clean laptop’. They were nothing but helpful – in fact, Sean [Murray, Application Consultancy Leader at Zellis] was supportive in working collaboratively with myself and the HSE payroll team in order to ensure continuity of the payroll function resulting in HSE staff being paid correctly and on time despite significant and unprecedented disruption to our IT systems.”
In order to run payroll under disaster recovery conditions while HSE systems and communications were still down, a series of robust and secure workarounds were quickly established. A ‘clean’ laptop was sent out and an SFTP-based network set up to exchange large payroll files between designated email accounts so that the required data could be uploaded into Zellis’ secure systems.
Printing and scanning services were also transferred from HSE to Zellis’ operations site in Dublin, while access to the employee self-service application, MyView, which normally takes place via the HSE network, was provided by Zellis instead. This workaround was seamless to HSE employees as they still used their original URL, but it was now directed to the Zellis site.
Swift and collaborative action
These actions, which were only possible through the close collaboration between the HSE and Zellis payroll teams, meant that every doctor, nurse, social worker, support staff and care professional on payroll under the Zellis managed service were paid accurately and on time on 20 May. The process was extended to ensure that the applicable workers did not need to worry about their pay being delayed.
Over the following month, 22 clean laptops were rolled out by HSE to be shared among the more than 100 payroll staff at key HSE payroll sites in the West, South and North East in Ireland. Zellis then provided each payroll manager with individual Secure Sockets Layer virtual private network (SSL VPN) tokens and supported in configuring secure WiFi connections so that they could access the Zellis system.
With the increase of clean laptops available, this enabled the HSE payroll teams to start working on the ResourceLink system again and the pressure began to ease. Throughout, the core HSE and Zellis teams worked long hours to ensure every payroll deadline was met. This situation continued for about two months until most of the HSE systems and networks were finally re-instated on Thursday 23 July.
The secrets to success
The secrets to success in this difficult situation came down to four key factors, believes Zellis’ Murray. Firstly, while the problem emerged due to a compromise of technology, having tried and trusted technical solutions for the specific technical challenges of payroll was invaluable.
Secondly, the fact that the teams from both sides had worked together for 25 years meant they had a strong relationship and were able to collaborate effectively. It also meant that Zellis had a deep appreciation for what HSE was thinking and feeling during the response. “As payroll practitioners ourselves, we understood what our client was going through,” he said. “We all felt that pressure and sense of responsibility to ensure thousands of frontline health workers in the throes of dealing with a global health emergency, were paid correctly and on time under extreme circumstances”, Murray explains.
A third key success factor involved having dedicated teams willing to work late and go above and beyond the call of duty to problem-solve and rapidly adapt processes to hit payroll deadlines. In this regard, the Zellis managed service team in Dublin, led by Pamela Cryan, and her HSE Service Lead, Gary Murphy, went above and beyond the call of duty to support the HSE payroll team, led by Bríd Harte, to meet critical payroll deadlines in very trying circumstances.
Finally, because staff on both sides were well trained, experienced and understood how each other’s processes worked, the fourth factor, seamless collaboration, was possible. “It was amazing to be able to work together effectively without the need for time-consuming meetings or reinventing processes to fit purpose.”
During the cyberattack, there were also regular broadcasts with daily payroll updates via the HSE website to cover off communications for all involved.
The HSE payroll managers Sean Molloy, Gillian Hyland, and Gillian Archer and their respective teams in the three payroll sites worked tirelessly as a group with the Zellis team to ensure that all employees and pensioners were paid accurately and on time under very stressful circumstances.
As Harte concludes: “We couldn’t have done it without Zellis. As it was, we paid all employees and pensioners on ResourceLink accurately and on time for a couple of months with no systems of our own. It was an amazing achievement, a real good news story and HSE management was delighted because there was no impact on frontline workers already hit hard by Covid.”