Healthcare workers in Newfoundland and Labrador, already strained by turnover, burnout, and thinning resources, were angered by a cybersecurity test email that falsely promised a paid day off. The email, titled 'June Holiday,' thanked staff for their professionalism and work ethic, citing hundreds of hours of mandatory overtime during the rollout of a new digital platform called CorCare. It offered a paid day off as a token of appreciation, directing recipients to click a link to register.
The email came from an outside domain, remailmail.com. The following day, staff learned the message was part of an internal cybersecurity test to track employees who clicked the link. Many had been denied time off during the CorCare rollout, leading to disbelief and anger.
Union leaders condemn 'cruel hoax'
Jerry Earle, president of the Newfoundland and Labrador Association of Public and Private Employees, said he and others were 'disgusted' at the 'cruel hoax.' In a statement, Earle said: 'Our members deserve better than to be taunted with the promise of a day off after the incredible amount of work and sacrifice they made to get CorCare up and running.' He added that at least one person quit after receiving the email, calling it the 'straw that broke the back' for burned-out employees.
Yvette Coffey, president of the Registered Nurses’ Union Newfoundland and Labrador, echoed those frustrations, telling CBC News that mandatory overtime and denied vacation requests led people to quit during the CorCare rollout. She called the test 'very insensitive and very disrespectful to our members' and called for someone 'to be held accountable for this one.'
Cybersecurity context and apology
Hospitals and healthcare networks across Canada have become targets for hackers. In 2021, a cyber-attack took healthcare computer systems in Newfoundland and Labrador offline for months. Officials quickly apologized for the email, calling for an internal investigation. Ron Johnson, the health board’s interim CEO, wrote: 'We are taking a step back to review how these exercises are developed and communicated to ensure they reflect the respectful and supportive culture we strive to foster.' He later told reporters the test 'really missed a mark' and was 'not reflective of how we value our employees.'
Other union leaders said the apology fell short. Sherry Hillier, the CUPE Newfoundland and Labrador president, stated: 'While I understand that cybersecurity awareness is important, especially in a healthcare setting, targeting a benefit like paid time off is disgusting. These workers are tired, burned out, and desperate for time off. As the employer, NL Health knows that and chose to exploit that feeling anyway.'
