CorVel's Internet Troubles – The Company's Response, and the Impact on You

Multiple independent sources tell me CorVel has suffered some sort of internet outage that has affected its bill review and other services. Sources indicate this is corporate and not limited to a specific office or offices, and evidently began on or about Sunday. Whether this is due to a ransomware attack or other issue is unclear.

Evidently the internal phone system, email, provider lookups, and other services are also down. (as of this posting)

Here’s hoping problems get fixed very soon. A knowledgeable source indicated his/her clients affected by the outage have been informed this will not be resolved “this week.” A receptionist at CorVel said internal phones should be working Monday.

I’ve sent multiple emails and even a tweet to CorVel asking about this, and to date have received no response other than that noted above. In addition, I’ve looked high and low for some sort of public acknowledgement by CorVel of the issue, and haven’t seen anything yet.

(Before you start hurling brickbats, while I’m not exactly a fan of Corvel, I’ve publicly defended the company in the past.

I’m puzzled by the lack of public acknowledgement. When multiple people at AASCIF are aware of the issue, when competitors know about it, and when at least two customers are informed, I don’t see the logic in keeping it quiet.  One could argue that CorVel management doesn’t want to go public about this as it may harm relations with current and prospective customers, or perhaps affect investor views of the company.

That, I would counter-argue, is nonsensical (forgive me for arguing against a self-constructed straw man, but absent any response from CorVel I have no alternative). This is a very small industry, word travels very quickly, and as any PR exec with any experience knows, when bad things happen by FAR the best option is to get out in front of the issue, tell your story, and thus manage the message.

Great ideas on this are here.

Then there’s the issue of Personal Health Information. If this was a hack that resulted in the capture of PHI – and we do NOT know it was or wasn’t – that’s problematic in and of itself.

I know it may be difficult for CorVel to get the message out, but there are cellphones, personal email addresses, and other means of communicating (twitter…).

If you don’t get in front of the problem, competitors will define the issue, its extent and potential impact. Sooner or later reporters will hear about it and it will become public.  And, you may lose credibility with customers and prospects who are/will be relying on you.

For everyone else, this is going to be a big pain in the neck.

Over the near term, patients, adjusters, and case managers involved in any claims affected by communications issues will have work to do. Every day things  go unresolved, issues – and the work to resolve them – compound.

Other work comp services suppliers are going to have to answer even more queries about data security, backup and storage protection, liability insurance and the like. Many may have to buy additional insurance coverage, agree to penalties for problems like this, beef up tech capabilities and expertise, and do whatever else hyper-risk-sensitive buyers can come up with.

As a result, it’s going to be even tougher for smaller service companies to acquire and manage the technology and expertise required by work comp payers. This isn’t good for anyone.

What does this mean for you?

Short-sighted competitors may see it as an advantage, when in reality it’s just going to make their own lives more complicated and the sales cycle even longer and more difficult.

Make damn sure your own web security is robust – and have one of those outside tech firms test your protections on an ongoing basis.

Here’s hoping this has minimal impact on CorVel and its customers, the company is back up and running quickly and completely, and we all learn a lesson from this.

By Joe Paduda

Courtesy of Managed Care Matters

Share This Article: