Listen to this article
Estimated 4 minutes
The audio version of this article is generated by AI-based technology. Mispronunciations can occur. We are working with our partners to continually review and improve the results.
Employees of Newfoundland and Labrador’s health authority recently received an email thanking them for their hard work in recent months with the promise of a day off — only to find out it was all just a cybersecurity test.
In an email obtained by CBC News, Newfoundland and Labrador Health Services said in recognition of the work they’d put in during the recent implementation of the new digital health information system CorCare, all employees would receive a paid day off.
The email — which was titled “June Holiday” — contained instructions to register for the day off by June 17 by clicking on a link.
“Thank you for the care, professionalism, and commitment you continue to bring to N.L. Health Services and to the people and community we serve,” the email concluded.
However, it turned out the email was sent as part of an internal cybersecurity test to track employees who clicked on the link.
In an email sent Wednesday, vice president of digital health and interim chief information officer Steve Lockyer apologized for what he called the “cybersecurity awareness email.”
“We are taking a step back to review how these exercises are developed and communicated to ensure they reflect the respectful and supportive culture we strive to foster,” he wrote.
‘Very poor taste,’ says RNU president
Organizations that represent health-care workers have been quick to slam the province’s health authority over the move.
Registered Nurses’ Union Newfoundland and Labrador president Yvette Coffey said while cybersecurity education is important, nurses are upset over the email at a time when many are stressed over working conditions.
“Nurses and other health-care professionals have worked through enormous pressure over the last number of years, including ongoing staffing shortages, burnout, organizational restructuring, and the challenges connected to the rollout of CorCare,” she said in a statement Wednesday morning.
“To use the promise of an additional paid day off as the hook for a phishing exercise was in very poor taste.”
Jerry Earle, president of the Newfoundland and Labrador Association of Public and Private Employees, said he’s “absolutely disgusted.”
“Our members deserve better than to be taunted with the promise of a day off after the incredible amount of work and sacrifice they made to get CorCare up and running,” he wrote in a statement.
He said members were denied vacation time and worked long hours due to the CorCare launch.
“To use those sacrifices as the basis for a phishing test is nothing short of cruel.”
Like Coffey, Earle said cybersecurity education awareness is important but said the way in which NLHS went about it was inappropriate in this instance.
On top of an apology, Earle also wants those responsible for the exercise to be removed from their positions.
“If one of our members did something as cruel as this, they would be out of a job today.”
CorCare — which is expected to cost $600 million over a decade — was implemented by the health authority on April 25.
It was touted by NLHS officials as providing health-care professionals and patients with a single shared digital health record, and supporting safer care for patients, smoother transitions between services and better continuity across hospitals, clinics, continuing care and community care.
However, some doctors said a mandatory sign-on to use the system was unfair, and the health authority ultimately ended up backtracking, making it voluntary.
The contract was also changed so that community physicians would not have to assume legal and financial liability for privacy breaches.
Download our free CBC News app to sign up for push alerts for CBC Newfoundland and Labrador. Sign up for our daily headlines newsletter here. Click here to visit our landing page.
