Blog Layout

PrismHr Security Incident Explained

PEO Focus Team • March 4, 2021

What Exactly Happened To PrismHR?

PrismHR is a leading provider of software and HR services to Professional Employer Organizations (PEO) to help them manage Payroll, Employee Benefits, and other compliance related functions.

On Sunday evening PrismHR identified suspicious activity on their servers that impacted both their payroll and benefits technology platforms. They immediately implemented security measures and shut down access by all parties to their system in an effort to identify the threat, protect data, and strengthen the security of their system.

This caused disruption to many of the PEO and payroll companies that utilize the PrismHR software. They were unable to access the system to process any payroll needs and sent many scrambling to look for temporary solutions.

Who Was Impacted by the PrismHR Security Threat?

While many PEO's were impacted by this threat, not all were, including some who partner with PrismHR.

Those who utilize PrismHR as a cloud based provider no longer had access to their system. For Employers and Employees who were partnered with PEO's with this type of relationship, they too were completely blocked from even viewing data. Employees were unable to access pay information, Employers were unable to onboard new hires through the software or upload any payroll data for the upcoming payroll period.

PEO's who partner with PrismHR but host the software on their platforms were not impacted by this security threat and they were able to continue on with business as usual. Groups like Engage PEO fall into this category and their clients experienced no interruption in service.

For PEO's like FrankCrum and CoAdvantage that run their own proprietary software, they were never in any danger and had no exposure to the threat.

What About Data Housed on PrismHR?

PrismHR released a statement on March 3rd 2021 that in part read:

"Although our investigation is still ongoing, we can report that there is currently no evidence of unauthorized access, misuse or theft of data contained on its servers."

At this time they appear confident that the security measure they had in place worked effectively and no company or employee data has been compromised. In addition to their own internal teams PrismHR brought in an outside Cyber Security firm to assure them of all risks and identify when it was safe to bring systems back online.

When Will Systems Be Back Up and Running?

All signs point to most PEO's having their systems back up and running by March 5th. For groups that had to estimate payroll, reconciliation will be happening immediately to impact as few people as possible. For those that did not have a payroll run needed for this Friday, it is most likely that they will not have any interruptions in regards to running their next payroll.

Should Employees Take Any Action?

While PrismHR is communicating that there has not currently been any evidence of data loss or theft, it is always a best practice as an additional safety measure to change passwords.

Anyone with data connected to or housed by PrismHr can take the precautionary measure of changing their password in an attempt to further protect their information.

Where Can I Get Updates or More Information?

The PEO Consulting team at PEO Focus is available to answer any additional questions you may have and help you understand what options you have in making sure your data is protected. You can call at 1-888-991-7367 or email at info@peofocus.com