A cybersecurity incident at PrismHR Inc., a business-software provider, has sent providers of human-resources services scrambling to ensure their clients can pay employees correctly and on time this week.
On Thursday, PrismHR, based in Hopkinton, Mass., said it had been hit on Sunday by what is called a “security incident” that affected its payroll and benefits platforms. Those platforms are used by companies known as professional employer organizations, or PEOs, that provide outsourced human-resource and payroll services, mostly to small and medium-sized businesses.
Despite the outage, Prism said there has been no evidence of unauthorized data access. A PrismHR spokesman declined to provide further details about the nature of the incident.
“We’ve been working around the clock and are quickly and securely bringing our systems back online while working together with our HR service providers to help ensure they can process payroll,” the spokesman said Thursday. As of Friday, access for core services has been restored to 70% of customers, and the company expects all customers to get restored access before the weekend, PrismHR said.
The software outage illustrates how, as more business processes move to cloud-based software, a single point of failure can affect the operations of thousands of companies, including mom-and-pop operators. PrismHR is one of the most widely used cloud-based software providers for PEOs. PEOs, in turn, manage payroll for hundreds of thousands of U.S. businesses that employ millions of people.
PEOs are especially important for small businesses that lack the resources to handle their own HR and payroll matters, said Pat Cleary, the chief executive of the National Association of Professional Employer Organizations.
“You start using a PEO when not everyone in your company is related to you,” Mr. Cleary said, adding that their sweet spot is serving businesses with 10 to 100 employees.
The PrismHR outage is unlikely to cause workers to miss paychecks, said Michael Roloson, a director at PEO Focus Inc., a Charlotte, N.C., consulting firm that advises businesses on working with PEOs. That is because even with PrismHR’s software disrupted, PEOs have been working with employers to pay workers based on their estimated wages, he said.
Still, for some affected companies, the outage has made a mess of the typical routine payroll process this week.
“Your entire staff is stressed, trying to get payroll in order,” Mr. Roloson said, describing the incident’s impact within PEOs. “They’re scrambling to get all this done so it’s accurate.”
The disruption could inconvenience workers whose pay varies from paycheck to paycheck, such as hourly contractors or salespeople who rely heavily on commissions. If those people earned much more in the latest pay period than they did previously, for example, they might be underpaid until PEOs can correct the shortfall in a future check, Mr. Roloson said.
“If you have a company where people are being paid weekly, or are bonused heavily, it just makes it extremely difficult to maneuver,” Mr. Roloson said.
Prism, founded in 1985, serves more than 80,000 organizations and handles the payroll of more than $80 billion annually for a total of more than 2 million employees. Some PEOs that use PrismHR software have told their business customers that PrismHR’s systems are down and that the outage may disrupt payroll processing.
Dan Barcheski, founder and chairman of a Grand Rapids, Mich., PEO called Axios Inc., said the company reverted to manually entering clients’ payroll information this week to make sure workers were paid on time during the PrismHR outage.
“No one is happy about the fact that something occurred, but it has not affected our ability to work with our client base,” Mr. Barcheski said.
Earlier this week, AdvanStaff Inc., a PEO based in Las Vegas, said in a message on its website that the outage could affect payrolls and said it would rely on wage estimates from previous payroll periods if needed.
In an email on Friday, AdvanStaff Chief Operating Officer Matt Richards said that all its payroll functions have been restored, and that no payrolls were missed or delayed.
G&A Outsourcing Inc., a Houston-based PEO that is a PrismHR customer under the name G&A Partners, said on its website that its PrismHR portal was down.
G&A’s general counsel, Stephen Calvert, said G&A is “working diligently to address our clients’ specific needs until PrismHR service is fully restored.”
Some PEOs, instead of relying on PrismHR’s cloud, run their own instances of the company’s software on internal servers. Those companies were insulated from the PrismHR cybersecurity incident, Mr. Roloson said—but that approach requires more upfront investment, he noted.
Overall, PEOs provide services to about 175,000 U.S. businesses that collectively employ approximately 3.7 million people, according to Napeo. The industry’s annual revenue is roughly $270 billion.
PEOs have thrived during the pandemic as more small businesses turned to them in greater numbers to outsource increasingly complex HR challenges, Mr. Roloson said. Shifting work schedules, compliance issues and benefits requirements during the public-health crisis have led more small companies to seek outside help managing administrative matters.
News Source: WSJ