ST. JOHN’S - Union leaders in Newfoundland and Labrador say a “cruel” cybersecurity test has outraged health-care workers across the province and may push some to an early exit.
Thousands of nurses, doctors and other workers at Newfoundland and Labrador Health Services (NLHS) received emails from the employer on Tuesday, promising an extra paid day off in recognition of recent hard work — only to learn later that the email was a phishing cybersecurity test, designed to trick employees.
“It was actually insulting, degrading, disrespectful,” said Yvette Coffey, head of the Registered Nurses Union in Newfoundland and Labrador. “Our members are mad and so am I.”
Officials at Newfoundland and Labrador Health Services have publicly apologized for the email. Ron Johnson, the health board’s interim CEO said Wednesday, that authorities would begin to investigate how the email was sent — and whether it was written by NLHS staff or a contractor at Ernst & Young.
“This really missed a mark,” Johnson told reporters. “What happened here, obviously, is that all the lenses that were required to review the scenario weren’t placed on it.”
“It’s not reflective of how we value our employees.”
Frustrations were already high inside the health-care system in Newfoundland and Labrador according to Coffey, because of a stressful rollout of a new health information system and software back-end called “CorCare.”
Coffey said her members were working mandatory overtime and were denied leave in the run-up to CorCare’s launch this spring.
“All that stress, all that mandatory overtime, and to then try to hook staff with the promise of a day off?” said Coffey.
“It was a cheap shot at our members.”
The email promised “one additional paid day off” in recognition of the work that had gone into the CorCare transition. It asked employees to register for the “June Holiday,” that was purportedly available to all NLHS employees.
“It recognizes the work employees have carried through a significant period of change,” the email read.
The email was sent to NLHS staff from an outside domain: remailmail.com
‘I was left feeling foolish’
Cybersecurity training has taken centre stage inside health-care bodies in Newfoundland and Labrador, after a cyber attack in 2021 took certain health-care computer systems offline for months.
A provincial investigation found a hacker with Hive ransomware group, used a stolen password to access health authority systems. The group stole health information from the system.
Jerry Earle, president of Newfoundland and Labrador Association of Public and Private Employees (NAPE) said Thursday, that he has received correspondence from at least one health-care specialist who has decided to leave work after the incident.
“Employees are stressed to the max,” he said. “This may be the straw that broke the back for many.”
“I’ve heard from some already, said ‘I could have retired six months ago, if this is the way my employer is going to respect me, I’m out of there.’”
Union officials shared feedback from frontline health-care workers who wrote to their union representatives about how hurtful the exercise was.
“I was one of the people who clicked the link. When I first read the email, I teared up. For a moment, I felt like our hard work and dedication were finally being recognized,” one union member wrote. “Instead, I was left feeling foolish”
Coffey said the health board should make good on the phony promise and give employees a day off.
