Newfoundland and Labrador Health Services Faces Backlash Over Phishing Exercise
Health-care workers across Newfoundland and Labrador are expressing frustration after receiving an email that appeared to reward staff with an additional paid day off, only to discover it was part of a cybersecurity training exercise.
Union leaders say the incident has damaged morale among employees already coping with heavy workloads, staffing pressures, and the recent implementation of a new provincial health information system.
Unions Call the Test “Insulting” and “Disrespectful”
Thousands of employees with Newfoundland and Labrador Health Services (NLHS), including nurses, physicians, and support staff, received an email on Tuesday informing them they would receive an extra paid day off in recognition of their efforts during a period of significant workplace change.
The message invited workers to register for a so-called “June Holiday,” described as a benefit available to all NLHS employees.
However, staff later learned the email was actually a phishing simulation designed to test cybersecurity awareness.
Yvette Coffey, president of the Registered Nurses’ Union Newfoundland and Labrador, said the exercise was poorly judged and deeply upsetting for many employees.
“It was actually insulting, degrading, disrespectful,” Coffey said. “Our members are mad and so am I.”
The reaction highlights broader concerns about employee well-being in a health-care system that has faced significant operational challenges in recent years.
Health Authority Issues Public Apology
NLHS officials have apologized publicly for the email campaign.
Interim CEO Ron Johnson acknowledged the exercise was a mistake and said the organization would investigate how the message was approved and whether it was developed internally or by an external contractor, including consulting firm Ernst & Young.
“This really missed a mark,” Johnson told reporters.
“What happened here, obviously, is that all the lenses that were required to review the scenario weren’t placed on it.”
Johnson added that the email did not reflect how the organization values its workforce.
“It’s not reflective of how we value our employees.”
CorCare Rollout Added to Existing Workplace Stress
The controversy comes amid ongoing pressures linked to the rollout of CorCare, a new health information system introduced across Newfoundland and Labrador’s health-care network.
According to Coffey, many nurses and other staff members worked mandatory overtime and faced restrictions on leave requests leading up to the system’s launch earlier this year.
She said employees have been under considerable strain as they adapt to new technologies and workflows.
“All that stress, all that mandatory overtime, and to then try to hook staff with the promise of a day off?” Coffey said.
“It was a cheap shot at our members.”
For Canadian health-care workers already dealing with staffing shortages and burnout concerns, the incident has resonated far beyond the province.
Cybersecurity Remains a Priority After Major 2021 Attack
Cybersecurity training has become a major focus within Newfoundland and Labrador’s health system following a significant cyberattack in 2021.
The attack disrupted key health-care computer systems for months and exposed sensitive information. A subsequent provincial investigation found that a member of the Hive ransomware group gained access through a stolen password and extracted health data from the network.
In response, health authorities have expanded cybersecurity awareness initiatives aimed at reducing the risk of future breaches.
However, union leaders argue that employee training must be conducted in a way that respects workers and acknowledges the realities of frontline health care.
Some Workers Considering Retirement
Jerry Earle, president of the Newfoundland and Labrador Association of Public and Private Employees (NAPE), said the reaction among staff has been intense.
He noted that some workers have indicated the incident may influence their decision to leave the workforce sooner than planned.
“Employees are stressed to the max,” Earle said. “This may be the straw that broke the back for many.”
According to Earle, at least one health-care professional contacted the union to say they were considering retirement following the episode.
“I’ve heard from some already, said ‘I could have retired six months ago. If this is the way my employer is going to respect me, I’m out of there.’”
Employees Describe Feeling Misled
Union representatives also shared messages from frontline workers who said they felt emotionally affected by the email.
One employee admitted clicking the link and initially believing the promised day off was genuine.
“When I first read the email, I teared up. For a moment, I felt like our hard work and dedication were finally being recognized,” the worker wrote.
“Instead, I was left feeling foolish.”
The response underscores how strongly many employees had hoped for recognition after months of demanding work conditions.
Growing Debate Over Workplace Recognition
The controversy has sparked a broader discussion about employee appreciation and workplace culture within the health-care sector.
Coffey argued that the health authority should honour the promise made in the email and provide staff with the additional paid day off that was advertised.
While NLHS has not indicated it will do so, the incident has become a reminder of the delicate balance organizations must strike between strengthening cybersecurity and maintaining employee trust.
As Newfoundland and Labrador’s health-care system continues its modernization efforts, union leaders say meaningful recognition and respect for frontline workers will be essential to retaining experienced staff and rebuilding morale.
