Listen to this article
Estimated 5 minutes
The audio version of this article is generated by AI-based technology. Mispronunciations can occur. We are working with our partners to continually review and improve the results.
Employees of Newfoundland and Labrador’s health authority recently received an email thanking them for their hard work in recent months with the promise of a day off — only to find out it was all just a cybersecurity test.
In an email obtained by CBC News, Newfoundland and Labrador Health Services said in recognition of the work they’d put in during the recent implementation of the new digital health information system CorCare, all employees would receive a paid day off.
The email — which was titled “June Holiday” — contained instructions to register for the day off by June 17 by clicking on a link.
“Thank you for the care, professionalism, and commitment you continue to bring to N.L. Health Services and to the people and community we serve,” the email concluded.
However, it turned out the email was sent as part of an internal cybersecurity test to track employees who clicked on the link.
In an email sent Wednesday, vice president of digital health and interim chief information officer Steve Lockyer apologized for what he called the “cybersecurity awareness email.”
“We are taking a step back to review how these exercises are developed and communicated to ensure they reflect the respectful and supportive culture we strive to foster,” he wrote.
‘Very poor taste,’ says RNU president
Organizations that represent health-care workers have been quick to slam the province’s health authority over the move.
Registered Nurses’ Union Newfoundland and Labrador president Yvette Coffey said while cybersecurity education is important, nurses are upset over the email at a time when many are stressed over working conditions.
Speaking with CBC News on Wednesday, Coffey said her members were “exhausted” in the CorCare rollout, constantly troubleshooting and working mandatory overtime. There are cases of denied leave. She said some people opted to quit.
“And to only find out that this was a test… It is not in good taste. It is very insensitive and very disrespectful to our members, and someone has to be held accountable for this one,” she said, adding an apology is not enough from her perspective.
Jerry Earle, president of the Newfoundland and Labrador Association of Public and Private Employees, told CBC he’s “absolutely disgusted” with what he’s calling “a cruel hoax.”
“Our members deserve better than to be taunted with the promise of a day off after the incredible amount of work and sacrifice they made to get CorCare up and running,” he wrote in a statement.
Similar to the nurses’ union, he said his members were denied vacation time and worked long hours due to the CorCare launch.
Like Coffey, Earle said cybersecurity education awareness is important but said the way in which NLHS went about it was inappropriate.
On top of an apology, Earle wants an internal investigation and those responsible for the exercise to be removed from their positions.
“If one of our members did something as cruel as this, they would be out of a job today.”
‘Morale is already fragile:’ NLMA
CorCare — which is expected to cost $600 million over a decade — was implemented by the health authority on April 25.
It was touted by NLHS officials as providing health-care professionals and patients with a single shared digital health record, and supporting safer care for patients, smoother transitions between services and better continuity across hospitals, clinics, continuing care and community care.
However, some doctors said a mandatory sign-on to use the system was unfair, and the health authority ultimately ended up backtracking, making it voluntary.
The contract was also changed so that community physicians would not have to assume legal and financial liability for privacy breaches.
When people saw the email promising a day off, Newfoundland and Labrador Medical Association president Dr. David Metcalfe said they thought they were being recognized for the work with helping implement CorCare’s rollout.
“To learn this was a test has left many feeling demoralized at a time when morale is already fragile,” he said in a statement.
“This approach also reinforces the perception that their experiences and struggles are not being taken seriously and it erodes trust in the messages they receive related to CorCare.”
He’s hoping NLHS will do better going forward.
Newfoundland and Labrador Health Authority interim CEO Ron Johnson says the cybersecurity test, with the subject June Holiday, was insensitive and missed the mark, but it’s not yet clear how it got sent in the first place.
Investigation is ongoing: CEO
Interim Newfoundland and Labrador Health Services CEO Ron Johnson told reporters Wednesday afternoon he received the email himself and “felt the insensitivity.”
He said an investigation is underway, looking at the approvals process, including exchanges with consultants at Ernst and Young, who he said were working with NLHS on the cybersecurity campaign.
Johnson was asked if anyone was going to be fired over the incident.
“Right now we’re trying to understand how this happened and we’re too early to even discuss this type of thing,” he said.
Download our free CBC News app to sign up for push alerts for CBC Newfoundland and Labrador. Sign up for our daily headlines newsletter here. Click here to visit our landing page.
