.png)
3 hours ago
9
For years, healthcare staff in the Canadian province of Newfoundland and Labrador have felt overworked and under-appreciated. Turnover, burnout and thinning resources were pushing workers in the sector to a breaking point.
So when the email titled “June Holiday” arrived in thousands of inboxes, they felt a moment of overdue joy.
The message thanked them for their professionalism and their work ethic, citing hundreds of hours of recent mandatory overtime to implement a new digital platform called CorCare. The email said the province “recognizes the work employees have carried through a significant period of change”, and, as a token of appreciation, it promised to reward them with a paid day off.
“Thank you for the care, professionalism, and commitment you continue to bring to N.L. Health Services and to the people and community we serve,” it said.
Recipients were told to simply click a link to register for the “June Holiday” on offer. The email was sent to staff from an outside domain: remailmail.com.
It was a sign that anyone hoping for a well-deserved day off was about to be disappointed.
The following day, they were informed that the message – and their paid vacation day – was in fact part of an internal cybersecurity test to track employees who clicked on the link.
When staff, many of whom were denied time off during the rollout of CorCare, learned they’d been tricked, their reaction was disbelief and anger.
One union president said he and others were “disgusted” at the “cruel hoax” that targeted fatigued workers.
“Our members deserve better than to be taunted with the promise of a day off after the incredible amount of work and sacrifice they made to get CorCare up and running,” Jerry Earle, president of the Newfoundland and Labrador Association of Public and Private Employees, said in a statement.
Earle also said that at least one person had quit after the email, calling it a “straw that broke the back” for burned-out employees.
Yvette Coffey, president of the Registered Nurses’ Union Newfoundland and Labrador, echoed those frustrations, telling CBC News that the stress associated with mandatory overtime, combined with denied vacation requests for time off, had led people to quit during the rollout of CorCare.
She called the test “very insensitive and very disrespectful to our members” and called for and someone “to be held accountable for this one”.
Hospitals and healthcare networks across the country have become a target for hackers, who can freeze entire systems in pursuit of ransoms. Newfoundland in particular had good reason to worry about the threat of “phishing”, where malicious links are hidden in seemingly innocuous emails: in 2021, a cyber-attack took certain healthcare computer systems in the province offline for months.
Officials quickly apologized for last week’s particular email, however, calling for an internal investigation into how it was sent.
“We are taking a step back to review how these exercises are developed and communicated to ensure they reflect the respectful and supportive culture we strive to foster,” wrote Ron Johnson, the health board’s interim CEO. He later told reporters that the test “really missed a mark” and was “not reflective of how we value our employees”.
Other union leaders said the apology fell short of capturing the profound disappointment of staff.
“While I understand that cybersecurity awareness is important, especially in a healthcare setting, targeting a benefit like paid time off is disgusting,” said Sherry Hillier, the CUPE Newfoundland and Labrador president, in a statement.
“These workers are tired, burned out, and desperate for time off. As the employer, NL Health knows that and chose to exploit that feeling anyway.”
