Canadian healthcare workers furious after 'promised' paid day off turns out to be cybersecurity test
Leyland Cecco
Healthcare workers in Newfoundland and Labrador, Canada, were outraged after a phishing test promised them a paid holiday, only to reveal it was a cybersecurity drill. Unions condemned the 'cruel joke' as insensitive and disrespectful, with at least one employee quitting as a result.
For years, healthcare workers in Canada's Newfoundland and Labrador province have felt overburdened and undervalued. High turnover, burnout, and dwindling resources have pushed them to their limits.
So when an email with the subject line 'June Holiday' landed in the inboxes of thousands of staff, many felt a glimmer of long-overdue recognition.
The message thanked them for their professionalism and work ethic, citing hundreds of hours of mandatory overtime recently required to roll out a new digital platform called CorCare. It said the province 'acknowledges the effort staff have put in during a period of significant change' and, as a token of gratitude, they would be rewarded with a paid day off.
'Thank you for the attention, professionalism and commitment you continue to bring to N.L. Health Services and to the people and communities we serve,' the email read.
Recipients were asked simply to click a link to register for the 'June Holiday'. The email was sent from an external domain: remailmail.com.
That was the first clue that anyone hoping for a well-deserved day off was in for a disappointment.
The next day, they were told the message—and the promised paid holiday—was actually part of an internal cybersecurity test designed to track which employees clicked the link.
Upon learning they had been deceived, many workers who had been denied leave during the CorCare rollout reacted with disbelief and anger.
One union president said he and others felt 'disgusted' by the 'cruel joke' aimed at exhausted employees.
'Our members deserve to be treated better than to be mocked with a promise of a day off after the tremendous workload and sacrifice they put in to make CorCare operational,' Jerry Earle, president of the Newfoundland and Labrador Public and Private Sector Labour Association, said in a statement.
Earle added that at least one person had resigned after the email, calling it 'the straw that broke the camel's back' for burnt-out staff.
Yvette Coffey, president of the Newfoundland and Labrador Registered Nurses Association, echoed the outrage. She told CBC News that the pressure from mandatory overtime, combined with denied leave requests during the CorCare implementation, had driven many to quit.
She called the test 'very insensitive and very disrespectful to our members' and demanded 'someone needs to be held accountable for this.'
Hospitals and health networks across Canada have been targets of hackers, who can freeze entire systems for ransom. Newfoundland has particular reason to worry about phishing threats, where malicious links are hidden in seemingly harmless emails: in 2021, a cyberattack paralyzed several provincial medical computer systems for months.
Officials quickly apologized for last week's email and called for an internal investigation into how it was sent.
'We are taking a step back to examine how these exercises are developed and communicated, to ensure they reflect the culture of respect and support we strive to foster,' wrote Ron Johnson, interim CEO of the health board. Later, he told reporters the test 'really missed the mark' and 'does not reflect how we value our employees.'
Other union leaders said the apology did not capture the deep frustration among staff.
'While I understand that cybersecurity awareness is important, especially in a healthcare setting, targeting a benefit like paid time off is disgusting,' Sherry Hillier, president of CUPE Newfoundland and Labrador, said in a statement. 'These workers are tired, exhausted, and desperate for time away. As an employer, NL Health knows that and still chose to exploit those emotions.'
